diff --git a/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml b/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml index 4c9f51f80c..7faca1e840 100644 --- a/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml +++ b/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2007-4014 metadata: - fofa-query: "wp-content/themes/blixed/" - google-query: inurl:"/wp-content/themes/blixed/" + fofa-query: "wp-content/themes/blix/" + google-query: inurl:"/wp-content/themes/blix/" shodan-query: 'vuln:CVE-2007-4014' - tags: cve,wordpress,wp-theme,blixed,medium + tags: cve,wordpress,wp-theme,blix,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/blixed/style.css" + - "{{BaseURL}}/wp-content/themes/blix/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "blixed" + - "blix" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0') \ No newline at end of file + - compare_versions(version, '<= 0.9.1') \ No newline at end of file diff --git a/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml b/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml index fb958f4e67..eda67be302 100644 --- a/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml +++ b/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2011-4106 metadata: - fofa-query: "wp-content/plugins/category-list-portfolio-page/" - google-query: inurl:"/wp-content/plugins/category-list-portfolio-page/" + fofa-query: "wp-content/plugins/simple-post-thumbnails/" + google-query: inurl:"/wp-content/plugins/simple-post-thumbnails/" shodan-query: 'vuln:CVE-2011-4106' - tags: cve,wordpress,wp-plugin,category-list-portfolio-page,critical + tags: cve,wordpress,wp-plugin,simple-post-thumbnails,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/category-list-portfolio-page/readme.txt" + - "{{BaseURL}}/wp-content/plugins/simple-post-thumbnails/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "category-list-portfolio-page" + - "simple-post-thumbnails" part: body - type: dsl diff --git a/nuclei-templates/2012/CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445.yaml b/nuclei-templates/2012/CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445.yaml new file mode 100644 index 0000000000..51d61e50ad --- /dev/null +++ b/nuclei-templates/2012/CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/nextgen-gallery/"
+ google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nextgen-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.6')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml b/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml
index 3bf6e9d32b..1791ed364c 100644
--- a/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml
+++ b/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml
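Review bot: Nothing in this template checks for swfupload.swf itself: the only evidence is the `Stable tag` value read from the plugin's readme.txt and compared with `<= 1.9.6`, so a hit means "plugin version in the affected range", not "vulnerable file present". A readme whose tag is non-numeric (for example `Stable tag: trunk`) gives the regex nothing to capture, so no `version` is set and the template reports nothing. I would document that limit above the `http:` block, e.g. `# Version-only detection from readme.txt; does not confirm swfupload.swf is present or reachable`. The same applies to the other readme-based templates added in this commit for CVE-2012-3414 and CVE-2013-6837.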
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2012-3414 metadata: - fofa-query: "wp-content/plugins/wp-ecommerce-cvs-importer/" - google-query: inurl:"/wp-content/plugins/wp-ecommerce-cvs-importer/" + fofa-query: "wp-content/plugins/pica-photo-gallery/" + google-query: inurl:"/wp-content/plugins/pica-photo-gallery/" shodan-query: 'vuln:CVE-2012-3414' - tags: cve,wordpress,wp-plugin,wp-ecommerce-cvs-importer,medium + tags: cve,wordpress,wp-plugin,pica-photo-gallery,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-cvs-importer/readme.txt" + - "{{BaseURL}}/wp-content/plugins/pica-photo-gallery/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-ecommerce-cvs-importer" + - "pica-photo-gallery" part: body - type: dsl diff --git a/nuclei-templates/2012/CVE-2012-3414-1a838116c494b197a9b7e34122973b1e.yaml b/nuclei-templates/2012/CVE-2012-3414-1a838116c494b197a9b7e34122973b1e.yaml new file mode 100644 index 0000000000..905a0de49c --- /dev/null +++ b/nuclei-templates/2012/CVE-2012-3414-1a838116c494b197a9b7e34122973b1e.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-1a838116c494b197a9b7e34122973b1e
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-carouselslideshow/"
+ google-query: inurl:"/wp-content/plugins/wp-carouselslideshow/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-carouselslideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-carouselslideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-carouselslideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.10')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d.yaml b/nuclei-templates/2012/CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d.yaml
new file mode 100644
index 0000000000..98e0d8e526
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wysija-newsletters/"
+ google-query: inurl:"/wp-content/plugins/wysija-newsletters/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wysija-newsletters,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wysija-newsletters"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee.yaml b/nuclei-templates/2012/CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee.yaml
new file mode 100644
index 0000000000..5776110c7d
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-yasslideshow/"
+ google-query: inurl:"/wp-content/plugins/wp-yasslideshow/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-yasslideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-yasslideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-yasslideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-6a6bb38b130b38892ff7f3fb433490d9.yaml b/nuclei-templates/2012/CVE-2012-3414-6a6bb38b130b38892ff7f3fb433490d9.yaml
new file mode 100644
index 0000000000..bac9cdeeab
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-6a6bb38b130b38892ff7f3fb433490d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-6a6bb38b130b38892ff7f3fb433490d9
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-tinymce/"
+ google-query: inurl:"/wp-content/plugins/ultimate-tinymce/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,ultimate-tinymce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-tinymce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-tinymce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-6c683fe061bc2e40776f220a00b12a4f.yaml b/nuclei-templates/2012/CVE-2012-3414-6c683fe061bc2e40776f220a00b12a4f.yaml
new file mode 100644
index 0000000000..bdc6c8a1f8
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-6c683fe061bc2e40776f220a00b12a4f.yaml
@@ -0,0 +1,61 @@
+id: CVE-2012-3414-6c683fe061bc2e40776f220a00b12a4f
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-core,medium
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+ - "{{BaseURL}}/wp-admin/install.php"
+ - "{{BaseURL}}/feed/"
+ - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked
+
+ redirects: true
+ max-redirects: 2
+ stop-at-first-match: true
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - compare_versions(version_by_generator, '< 3.3.2')
+ - compare_versions(version_by_js, '< 3.3.2')
+ - compare_versions(version_by_css, '< 3.3.2')
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ name: version_by_generator
+ group: 1
+ regex:
+ - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)'
+
+ - type: regex
+ name: version_by_js
+ group: 1
+ regex:
+ - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b'
+
+ - type: regex
+ name: version_by_css
+ group: 1
+ regex:
+ - 'install\.min\.css\?ver=((\d+\.?)+)\b'
diff --git a/nuclei-templates/2012/CVE-2012-3414-7aec14addf060da962ee3e2f9d2a3dd2.yaml b/nuclei-templates/2012/CVE-2012-3414-7aec14addf060da962ee3e2f9d2a3dd2.yaml
new file mode 100644
index 0000000000..c8d6be7ee5
--- /dev/null
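Review bot: The `version_by_generator` extractor only accepts an `https://` generator URL, and the other two probes key on `wp-emoji-release.min.js` and `install.min.css`. As far as I know, WordPress releases old enough to satisfy `< 3.3.2` advertised `http://wordpress.org/?v=…` in their feeds and did not ship the emoji script, so this template is likely to stay silent on the very installs it targets. I would relax the first pattern to `'(?m)https?:\/\/wordpress\.org\/\?v=([0-9.]+)'`, which also escapes the dot in the host name. The dsl matcher lists three expressions with no `condition:` key, so a comment such as `# any one version source below 3.3.2 is enough` would make the intended OR explicit. A hit here is version-only evidence and does not show that swfupload.swf is reachable.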
+++ b/nuclei-templates/2012/CVE-2012-3414-7aec14addf060da962ee3e2f9d2a3dd2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-7aec14addf060da962ee3e2f9d2a3dd2
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-royal-gallery/"
+ google-query: inurl:"/wp-content/plugins/wp-royal-gallery/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-royal-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-royal-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-royal-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-897b855122ee756e5cce3c7b7b755f79.yaml b/nuclei-templates/2012/CVE-2012-3414-897b855122ee756e5cce3c7b7b755f79.yaml
new file mode 100644
index 0000000000..46f827bda3
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-897b855122ee756e5cce3c7b7b755f79.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-897b855122ee756e5cce3c7b7b755f79
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-flipslideshow/"
+ google-query: inurl:"/wp-content/plugins/wp-flipslideshow/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-flipslideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-flipslideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-flipslideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-8fa03c8122bf9221b1ffd22ac06c804a.yaml b/nuclei-templates/2012/CVE-2012-3414-8fa03c8122bf9221b1ffd22ac06c804a.yaml
new file mode 100644
index 0000000000..48e83c82d6
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-8fa03c8122bf9221b1ffd22ac06c804a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-8fa03c8122bf9221b1ffd22ac06c804a
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-homepage-slideshow/"
+ google-query: inurl:"/wp-content/plugins/wp-homepage-slideshow/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-homepage-slideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-homepage-slideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-homepage-slideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-9f3f64549efb89260c6e47920189ac28.yaml b/nuclei-templates/2012/CVE-2012-3414-9f3f64549efb89260c6e47920189ac28.yaml
new file mode 100644
index 0000000000..f7f017cf9e
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-9f3f64549efb89260c6e47920189ac28.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-9f3f64549efb89260c6e47920189ac28
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-superb-slideshow/"
+ google-query: inurl:"/wp-content/plugins/wp-superb-slideshow/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-superb-slideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-superb-slideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-superb-slideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-daeb837add505b9a795ded5034b74494.yaml b/nuclei-templates/2012/CVE-2012-3414-daeb837add505b9a795ded5034b74494.yaml
new file mode 100644
index 0000000000..01b1180361
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-daeb837add505b9a795ded5034b74494.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-daeb837add505b9a795ded5034b74494
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/blaze-slide-show-for-wordpress/"
+ google-query: inurl:"/wp-content/plugins/blaze-slide-show-for-wordpress/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,blaze-slide-show-for-wordpress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blaze-slide-show-for-wordpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blaze-slide-show-for-wordpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-e93da74e0cfbd71b56a99e030dcde832.yaml b/nuclei-templates/2012/CVE-2012-3414-e93da74e0cfbd71b56a99e030dcde832.yaml
new file mode 100644
index 0000000000..78a41ccbfe
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-e93da74e0cfbd71b56a99e030dcde832.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-e93da74e0cfbd71b56a99e030dcde832
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/wp-powerplaygallery/"
+ google-query: inurl:"/wp-content/plugins/wp-powerplaygallery/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,wp-powerplaygallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-powerplaygallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-powerplaygallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-f88b8a0f9b35000afd4554c2103aabf6.yaml b/nuclei-templates/2012/CVE-2012-3414-f88b8a0f9b35000afd4554c2103aabf6.yaml
new file mode 100644
index 0000000000..cf752b9584
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-f88b8a0f9b35000afd4554c2103aabf6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-f88b8a0f9b35000afd4554c2103aabf6
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/flash-album-gallery/"
+ google-query: inurl:"/wp-content/plugins/flash-album-gallery/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,flash-album-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "flash-album-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.12')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-fd203b77714bf4e1537f8ba92f81dd86.yaml b/nuclei-templates/2012/CVE-2012-3414-fd203b77714bf4e1537f8ba92f81dd86.yaml
new file mode 100644
index 0000000000..fa73d028b9
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-fd203b77714bf4e1537f8ba92f81dd86.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-fd203b77714bf4e1537f8ba92f81dd86
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/spotlightyour/"
+ google-query: inurl:"/wp-content/plugins/spotlightyour/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,spotlightyour,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/spotlightyour/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "spotlightyour"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2012/CVE-2012-3414-fe4d569625d9e9596ab68e4f0f28c6e3.yaml b/nuclei-templates/2012/CVE-2012-3414-fe4d569625d9e9596ab68e4f0f28c6e3.yaml
new file mode 100644
index 0000000000..304e5fd542
--- /dev/null
+++ b/nuclei-templates/2012/CVE-2012-3414-fe4d569625d9e9596ab68e4f0f28c6e3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-fe4d569625d9e9596ab68e4f0f28c6e3
+
+info:
+ name: >
+ SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2012-3414
+ metadata:
+ fofa-query: "wp-content/plugins/mac-dock-gallery/"
+ google-query: inurl:"/wp-content/plugins/mac-dock-gallery/"
+ shodan-query: 'vuln:CVE-2012-3414'
+ tags: cve,wordpress,wp-plugin,mac-dock-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mac-dock-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mac-dock-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.0')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-14a8a306c1582ddfe8780a4726270f6c.yaml b/nuclei-templates/2013/CVE-2013-6837-14a8a306c1582ddfe8780a4726270f6c.yaml
new file mode 100644
index 0000000000..79f782a35a
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-14a8a306c1582ddfe8780a4726270f6c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-14a8a306c1582ddfe8780a4726270f6c
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/trexanh-property/"
+ google-query: inurl:"/wp-content/plugins/trexanh-property/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,trexanh-property,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/trexanh-property/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "trexanh-property"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-1933071fd84bafbc4121bc42ad38ad33.yaml b/nuclei-templates/2013/CVE-2013-6837-1933071fd84bafbc4121bc42ad38ad33.yaml
new file mode 100644
index 0000000000..5ab45a48dc
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-1933071fd84bafbc4121bc42ad38ad33.yaml
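Review bot: The `name` carries the library's bound (`PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4`) while the check in this file is on the `trexanh-property` plugin version, `compare_versions(version, '<= 0.1')`, so the title does not say which product or bound was actually tested. The same `name` is reused by every CVE-2013-6837 template that follows in this diff, which leaves scan output with many findings under one identical title. I would put the plugin and its bound in the title, for example `PrettyPhoto Library <= 3.1.4 in trexanh-property <= 0.1 - DOM Cross-Site Scripting`.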
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-1933071fd84bafbc4121bc42ad38ad33
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/wp-video-lightbox/"
+ google-query: inurl:"/wp-content/plugins/wp-video-lightbox/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-video-lightbox"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.5')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-1c4f380813fca6d50ba62557622ea9a2.yaml b/nuclei-templates/2013/CVE-2013-6837-1c4f380813fca6d50ba62557622ea9a2.yaml
new file mode 100644
index 0000000000..b44601a4b8
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-1c4f380813fca6d50ba62557622ea9a2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-1c4f380813fca6d50ba62557622ea9a2
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/tallykit/"
+ google-query: inurl:"/wp-content/plugins/tallykit/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,tallykit,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tallykit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tallykit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.5')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-36a3d68747319cdafdba41a095b075c2.yaml b/nuclei-templates/2013/CVE-2013-6837-36a3d68747319cdafdba41a095b075c2.yaml
new file mode 100644
index 0000000000..5857cac8b8
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-36a3d68747319cdafdba41a095b075c2.yaml
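Review bot: The `word` matcher requires the lowercase slug `tallykit` to appear in the readme body, and word matching is case-sensitive unless the matcher says otherwise, so a readme that only spells the product name with capitals may fail the `and` condition even when the version is in range. Adding `case-insensitive: true` to that matcher avoids the miss without loosening the other two checks. The slug matcher has the same form in the other new templates in this diff, and the risk is highest for single-word slugs such as `myblogu`, `wppizza` and `foxyshop`.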
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-36a3d68747319cdafdba41a095b075c2
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/jcwp-youtube-channel-embed/"
+ google-query: inurl:"/wp-content/plugins/jcwp-youtube-channel-embed/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,jcwp-youtube-channel-embed,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jcwp-youtube-channel-embed/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jcwp-youtube-channel-embed"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-45779b4e79497f868977d22d2283a8db.yaml b/nuclei-templates/2013/CVE-2013-6837-45779b4e79497f868977d22d2283a8db.yaml
new file mode 100644
index 0000000000..2643fa493f
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-45779b4e79497f868977d22d2283a8db.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-45779b4e79497f868977d22d2283a8db
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/myblogu/"
+ google-query: inurl:"/wp-content/plugins/myblogu/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,myblogu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/myblogu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "myblogu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 0.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-4dac26a607a0b164f0af0325b7677371.yaml b/nuclei-templates/2013/CVE-2013-6837-4dac26a607a0b164f0af0325b7677371.yaml
new file mode 100644
index 0000000000..cf48f2a929
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-4dac26a607a0b164f0af0325b7677371.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-4dac26a607a0b164f0af0325b7677371
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/contact-bank/"
+ google-query: inurl:"/wp-content/plugins/contact-bank/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,contact-bank,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-bank/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-bank"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0.227')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-5ca206d1eb03789f201bcb482941e4fd.yaml b/nuclei-templates/2013/CVE-2013-6837-5ca206d1eb03789f201bcb482941e4fd.yaml
new file mode 100644
index 0000000000..526e742b7c
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-5ca206d1eb03789f201bcb482941e4fd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-5ca206d1eb03789f201bcb482941e4fd
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/ehive-object-details/"
+ google-query: inurl:"/wp-content/plugins/ehive-object-details/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,ehive-object-details,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ehive-object-details/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ehive-object-details"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-5ed65cc5c582347e39324cc515a99dae.yaml b/nuclei-templates/2013/CVE-2013-6837-5ed65cc5c582347e39324cc515a99dae.yaml
new file mode 100644
index 0000000000..19aab1c748
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-5ed65cc5c582347e39324cc515a99dae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-5ed65cc5c582347e39324cc515a99dae
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/image-slider-widget/"
+ google-query: inurl:"/wp-content/plugins/image-slider-widget/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,image-slider-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-slider-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-slider-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-6ee4159d7cb23a3d7505d87a48199a57.yaml b/nuclei-templates/2013/CVE-2013-6837-6ee4159d7cb23a3d7505d87a48199a57.yaml
new file mode 100644
index 0000000000..2a1474ec26
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-6ee4159d7cb23a3d7505d87a48199a57.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-6ee4159d7cb23a3d7505d87a48199a57
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-bank/"
+ google-query: inurl:"/wp-content/plugins/gallery-bank/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,gallery-bank,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-bank/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-bank"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.0.229')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-7c11c65b3ddc6f9d2b9a27c9d602ed9e.yaml b/nuclei-templates/2013/CVE-2013-6837-7c11c65b3ddc6f9d2b9a27c9d602ed9e.yaml
new file mode 100644
index 0000000000..7d8aace5a0
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-7c11c65b3ddc6f9d2b9a27c9d602ed9e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-7c11c65b3ddc6f9d2b9a27c9d602ed9e
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/alpine-photo-tile-for-instagram/"
+ google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-instagram/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-instagram,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/alpine-photo-tile-for-instagram/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "alpine-photo-tile-for-instagram"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.7.5')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-825e3ed03864fc418ac72f94992ef6ed.yaml b/nuclei-templates/2013/CVE-2013-6837-825e3ed03864fc418ac72f94992ef6ed.yaml
new file mode 100644
index 0000000000..0a8083dba7
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-825e3ed03864fc418ac72f94992ef6ed.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-825e3ed03864fc418ac72f94992ef6ed
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/s2member-secure-file-browser/"
+ google-query: inurl:"/wp-content/plugins/s2member-secure-file-browser/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,s2member-secure-file-browser,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/s2member-secure-file-browser/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "s2member-secure-file-browser"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 0.4.17')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-8615f37381f6e619f2847a48c7f3c3ba.yaml b/nuclei-templates/2013/CVE-2013-6837-8615f37381f6e619f2847a48c7f3c3ba.yaml
index fe193a9ae3..b13159182a 100644
--- a/nuclei-templates/2013/CVE-2013-6837-8615f37381f6e619f2847a48c7f3c3ba.yaml
+++ b/nuclei-templates/2013/CVE-2013-6837-8615f37381f6e619f2847a48c7f3c3ba.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2013-6837 metadata: - fofa-query: "wp-content/plugins/mytreasures/" - google-query: inurl:"/wp-content/plugins/mytreasures/" + fofa-query: "wp-content/plugins/mklasens-photobox/" + google-query: inurl:"/wp-content/plugins/mklasens-photobox/" shodan-query: 'vuln:CVE-2013-6837' - tags: cve,wordpress,wp-plugin,mytreasures,medium + tags: cve,wordpress,wp-plugin,mklasens-photobox,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/mytreasures/readme.txt" + - "{{BaseURL}}/wp-content/plugins/mklasens-photobox/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "mytreasures" + - "mklasens-photobox" part: body - type: dsl diff --git a/nuclei-templates/2013/CVE-2013-6837-8659c8738ddf5000b3f0879e334a8851.yaml b/nuclei-templates/2013/CVE-2013-6837-8659c8738ddf5000b3f0879e334a8851.yaml new file mode 100644 index 0000000000..3e4e56d065 --- /dev/null +++ b/nuclei-templates/2013/CVE-2013-6837-8659c8738ddf5000b3f0879e334a8851.yaml 
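Review bot: The version bound in the `dsl` matcher is not touched by this change although the plugin it applies to is: the three hunks repoint the template from `mytreasures` to `mklasens-photobox` (metadata queries, `tags`, request path and the `word` matcher), while the `compare_versions(...)` line lies below the last hunk and stays as it was written for the old slug. Unless both plugins share the same fixed version, the template will flag or miss `mklasens-photobox` installs on the wrong bound. The `dsl` line should be checked against the advisory entry for `mklasens-photobox` and updated in the same commit; its current value is outside the hunk and cannot be verified from here.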
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-8659c8738ddf5000b3f0879e334a8851
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/webrotate-360-product-viewer/"
+ google-query: inurl:"/wp-content/plugins/webrotate-360-product-viewer/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,webrotate-360-product-viewer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/webrotate-360-product-viewer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "webrotate-360-product-viewer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.5.2')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-8e02cba9fb99499aa16fd8049d02573a.yaml b/nuclei-templates/2013/CVE-2013-6837-8e02cba9fb99499aa16fd8049d02573a.yaml
new file mode 100644
index 0000000000..2b7e663fd0
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-8e02cba9fb99499aa16fd8049d02573a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-8e02cba9fb99499aa16fd8049d02573a
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/onclick-show-popup/"
+ google-query: inurl:"/wp-content/plugins/onclick-show-popup/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,onclick-show-popup,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/onclick-show-popup/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "onclick-show-popup"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 6.6')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-94c42e090afea3eb9b9848caa7684e23.yaml b/nuclei-templates/2013/CVE-2013-6837-94c42e090afea3eb9b9848caa7684e23.yaml
new file mode 100644
index 0000000000..9c95a6e03f
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-94c42e090afea3eb9b9848caa7684e23.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-94c42e090afea3eb9b9848caa7684e23
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/wppizza/"
+ google-query: inurl:"/wp-content/plugins/wppizza/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,wppizza,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wppizza/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wppizza"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.11.8.18')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-98f125e4fc06cd942d75ed301112bcd1.yaml b/nuclei-templates/2013/CVE-2013-6837-98f125e4fc06cd942d75ed301112bcd1.yaml
new file mode 100644
index 0000000000..b3212690c3
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-98f125e4fc06cd942d75ed301112bcd1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-98f125e4fc06cd942d75ed301112bcd1
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/responsive-lightbox/"
+ google-query: inurl:"/wp-content/plugins/responsive-lightbox/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,responsive-lightbox,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "responsive-lightbox"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.12')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-a828ce4b8d73d809cd8347dc78a0f078.yaml b/nuclei-templates/2013/CVE-2013-6837-a828ce4b8d73d809cd8347dc78a0f078.yaml
new file mode 100644
index 0000000000..aa233293b4
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-a828ce4b8d73d809cd8347dc78a0f078.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-a828ce4b8d73d809cd8347dc78a0f078
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/wp-portfolio-gallery/"
+ google-query: inurl:"/wp-content/plugins/wp-portfolio-gallery/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,wp-portfolio-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-portfolio-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-portfolio-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-bacac072653af718cfe31218049bd46f.yaml b/nuclei-templates/2013/CVE-2013-6837-bacac072653af718cfe31218049bd46f.yaml
new file mode 100644
index 0000000000..ddda822769
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-bacac072653af718cfe31218049bd46f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-bacac072653af718cfe31218049bd46f
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/foxyshop/"
+ google-query: inurl:"/wp-content/plugins/foxyshop/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,foxyshop,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foxyshop/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foxyshop"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-ca3b16738c2e43dd41a0d52bab67e3fe.yaml b/nuclei-templates/2013/CVE-2013-6837-ca3b16738c2e43dd41a0d52bab67e3fe.yaml
new file mode 100644
index 0000000000..4f24ceb744
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-ca3b16738c2e43dd41a0d52bab67e3fe.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-ca3b16738c2e43dd41a0d52bab67e3fe
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/ehive-account-details/"
+ google-query: inurl:"/wp-content/plugins/ehive-account-details/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,ehive-account-details,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ehive-account-details/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ehive-account-details"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-d7c55eeedf1bf8edd66541e2fa3f7287.yaml b/nuclei-templates/2013/CVE-2013-6837-d7c55eeedf1bf8edd66541e2fa3f7287.yaml
new file mode 100644
index 0000000000..0da551b0a3
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-d7c55eeedf1bf8edd66541e2fa3f7287.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-d7c55eeedf1bf8edd66541e2fa3f7287
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/embedplus-for-wordpress/"
+ google-query: inurl:"/wp-content/plugins/embedplus-for-wordpress/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,embedplus-for-wordpress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/embedplus-for-wordpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "embedplus-for-wordpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-e31a27229c88f49e7955d3cd1d6c563b.yaml b/nuclei-templates/2013/CVE-2013-6837-e31a27229c88f49e7955d3cd1d6c563b.yaml
new file mode 100644
index 0000000000..84eab900af
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-e31a27229c88f49e7955d3cd1d6c563b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-e31a27229c88f49e7955d3cd1d6c563b
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/reflex-gallery/"
+ google-query: inurl:"/wp-content/plugins/reflex-gallery/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,reflex-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/reflex-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "reflex-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-e8eef5ea33c93b10f31cd53f49e754d2.yaml b/nuclei-templates/2013/CVE-2013-6837-e8eef5ea33c93b10f31cd53f49e754d2.yaml
new file mode 100644
index 0000000000..1fed87357f
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-e8eef5ea33c93b10f31cd53f49e754d2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-e8eef5ea33c93b10f31cd53f49e754d2
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/izeechat/"
+ google-query: inurl:"/wp-content/plugins/izeechat/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,izeechat,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/izeechat/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "izeechat"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-ea0b54f72d1320c27e2f70c1d4647efe.yaml b/nuclei-templates/2013/CVE-2013-6837-ea0b54f72d1320c27e2f70c1d4647efe.yaml
new file mode 100644
index 0000000000..6aed2368ec
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-ea0b54f72d1320c27e2f70c1d4647efe.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-ea0b54f72d1320c27e2f70c1d4647efe
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/images-lazyload-and-slideshow/"
+ google-query: inurl:"/wp-content/plugins/images-lazyload-and-slideshow/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,images-lazyload-and-slideshow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/images-lazyload-and-slideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "images-lazyload-and-slideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2013/CVE-2013-6837-fea21c8ef193cd93b9c36f1a676d00b8.yaml b/nuclei-templates/2013/CVE-2013-6837-fea21c8ef193cd93b9c36f1a676d00b8.yaml
new file mode 100644
index 0000000000..3ee8fc9272
--- /dev/null
+++ b/nuclei-templates/2013/CVE-2013-6837-fea21c8ef193cd93b9c36f1a676d00b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2013-6837-fea21c8ef193cd93b9c36f1a676d00b8
+
+info:
+ name: >
+ PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2013-6837
+ metadata:
+ fofa-query: "wp-content/plugins/wp-easy-gallery/"
+ google-query: inurl:"/wp-content/plugins/wp-easy-gallery/"
+ shodan-query: 'vuln:CVE-2013-6837'
+ tags: cve,wordpress,wp-plugin,wp-easy-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-easy-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-easy-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2014/CVE-2014-10386-f5c72406d200149c5c99738305ce994a.yaml b/nuclei-templates/2014/CVE-2014-10386-f5c72406d200149c5c99738305ce994a.yaml
index f2e7077052..afcfd529f7 100644
--- a/nuclei-templates/2014/CVE-2014-10386-f5c72406d200149c5c99738305ce994a.yaml
+++ b/nuclei-templates/2014/CVE-2014-10386-f5c72406d200149c5c99738305ce994a.yaml
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9a6e27-c18f-4edf-b793-16021ebf0a6f?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-10386 metadata: diff --git a/nuclei-templates/2014/CVE-2014-125093-afaf526c3411be2543770e6053fa0c6c.yaml b/nuclei-templates/2014/CVE-2014-125093-afaf526c3411be2543770e6053fa0c6c.yaml index 5408551420..545333732c 100644 --- a/nuclei-templates/2014/CVE-2014-125093-afaf526c3411be2543770e6053fa0c6c.yaml +++ b/nuclei-templates/2014/CVE-2014-125093-afaf526c3411be2543770e6053fa0c6c.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Ad Blocking Detector Plugin plugin for WordPress is vulnerable to information expsoure in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to obtain the full path to instances. + The Ad Blocking Detector Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to obtain the full path to instances. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/054bb123-132c-4c32-9fd1-a9f289cfdc35?source=api-prod diff --git a/nuclei-templates/2014/CVE-2014-4663-ae82a3c9a9e0be615cc31b4846d1404c.yaml b/nuclei-templates/2014/CVE-2014-4663-ae82a3c9a9e0be615cc31b4846d1404c.yaml index 02d5132917..1a8b92dd49 100644 --- a/nuclei-templates/2014/CVE-2014-4663-ae82a3c9a9e0be615cc31b4846d1404c.yaml +++ b/nuclei-templates/2014/CVE-2014-4663-ae82a3c9a9e0be615cc31b4846d1404c.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2014-4663 metadata: - fofa-query: "wp-content/plugins/wordthumb/" - google-query: inurl:"/wp-content/plugins/wordthumb/" + fofa-query: "wp-content/plugins/timthumb/" + google-query: inurl:"/wp-content/plugins/timthumb/" shodan-query: 'vuln:CVE-2014-4663' - tags: cve,wordpress,wp-plugin,wordthumb,critical + tags: cve,wordpress,wp-plugin,timthumb,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wordthumb/readme.txt" + - "{{BaseURL}}/wp-content/plugins/timthumb/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "wordthumb" + - "timthumb" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.07') \ No newline at end of file + - compare_versions(version, '<= 2.8.13') \ No newline at end of file diff --git a/nuclei-templates/2014/CVE-2014-7181-967fa8ff3042881837b28b5f97ec2461.yaml b/nuclei-templates/2014/CVE-2014-7181-967fa8ff3042881837b28b5f97ec2461.yaml index 11eb037c01..027c2f521d 100644 --- a/nuclei-templates/2014/CVE-2014-7181-967fa8ff3042881837b28b5f97ec2461.yaml +++ b/nuclei-templates/2014/CVE-2014-7181-967fa8ff3042881837b28b5f97ec2461.yaml @@ -2,7 +2,7 @@ id: CVE-2014-7181-967fa8ff3042881837b28b5f97ec2461 info: name: > - MaxButtons - < 1.26.1 - Reflected Cross-Site Scripting + MaxButtons < 1.26.1 - Reflected Cross-Site Scripting author: topscoder severity: medium description: > diff --git a/nuclei-templates/2015/CVE-2015-1000003-6ef28732ecdeb7755a9f14c5479b623c.yaml b/nuclei-templates/2015/CVE-2015-1000003-6ef28732ecdeb7755a9f14c5479b623c.yaml index 104bda1777..64b9e323f7 100644 --- a/nuclei-templates/2015/CVE-2015-1000003-6ef28732ecdeb7755a9f14c5479b623c.yaml +++ b/nuclei-templates/2015/CVE-2015-1000003-6ef28732ecdeb7755a9f14c5479b623c.yaml 
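Review bot: The rewritten `path` entry in the CVE-2014-4663 template requests `/wp-content/plugins/timthumb/readme.txt`, so it only covers TimThumb installed as a standalone plugin directory. As far as I know TimThumb is usually shipped as a single script bundled inside themes and other plugins, and a site carrying an affected copy that way would pass this check unflagged. If that narrower coverage is intended, record it with a comment above `path:`, for example `# standalone timthumb plugin directory only; copies bundled in themes or plugins are not detected`. The `<= 2.8.13` bound in the second hunk is presumably compared with the readme's `Stable tag` (the extractor lies between the two hunks and is not shown), not with the version of the script itself.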
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d081e3-4291-427c-bf2c-726d93aa00ac?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2015-1000003 metadata: diff --git a/nuclei-templates/2015/CVE-2015-10099-979810f48f68eb55b480f0b690582756.yaml b/nuclei-templates/2015/CVE-2015-10099-979810f48f68eb55b480f0b690582756.yaml index 0223df452f..b01ff88bd5 100644 --- a/nuclei-templates/2015/CVE-2015-10099-979810f48f68eb55b480f0b690582756.yaml +++ b/nuclei-templates/2015/CVE-2015-10099-979810f48f68eb55b480f0b690582756.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2015-10099 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2015-10099-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2015-10099-1/" + fofa-query: "wp-content/plugins/cp-appointment-calendar/" + google-query: inurl:"/wp-content/plugins/cp-appointment-calendar/" shodan-query: 'vuln:CVE-2015-10099' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2015-10099-1,critical + tags: cve,wordpress,wp-plugin,cp-appointment-calendar,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2015-10099-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cp-appointment-calendar/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2015-10099-1" + - "cp-appointment-calendar" part: body - type: dsl diff --git a/nuclei-templates/2015/CVE-2015-10100-1f2c7b2600dc27099a226f85ffecff26.yaml b/nuclei-templates/2015/CVE-2015-10100-1f2c7b2600dc27099a226f85ffecff26.yaml index c3476db9f1..c2b48b1577 100644 --- a/nuclei-templates/2015/CVE-2015-10100-1f2c7b2600dc27099a226f85ffecff26.yaml +++ b/nuclei-templates/2015/CVE-2015-10100-1f2c7b2600dc27099a226f85ffecff26.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2015-10100 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2015-10100-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2015-10100-1/" + fofa-query: "wp-content/plugins/dynamic-widgets/" + google-query: inurl:"/wp-content/plugins/dynamic-widgets/" shodan-query: 'vuln:CVE-2015-10100' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2015-10100-1,low + tags: cve,wordpress,wp-plugin,dynamic-widgets,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2015-10100-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/dynamic-widgets/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2015-10100-1" + - "dynamic-widgets" part: body - type: dsl diff --git a/nuclei-templates/2015/CVE-2015-10122-6955dd4a7936be277800f4bb1d641b77.yaml b/nuclei-templates/2015/CVE-2015-10122-6955dd4a7936be277800f4bb1d641b77.yaml index a570efb55e..28b11731b0 100644 --- a/nuclei-templates/2015/CVE-2015-10122-6955dd4a7936be277800f4bb1d641b77.yaml +++ b/nuclei-templates/2015/CVE-2015-10122-6955dd4a7936be277800f4bb1d641b77.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2015-10122 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2015-10122-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2015-10122-1/" + fofa-query: "wp-content/plugins/wp-donate/" + google-query: inurl:"/wp-content/plugins/wp-donate/" shodan-query: 'vuln:CVE-2015-10122' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2015-10122-1,critical + tags: cve,wordpress,wp-plugin,wp-donate,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2015-10122-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wp-donate/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2015-10122-1" + - "wp-donate" part: body - type: dsl 
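Review bot: The rewritten `tags` line in the CVE-2015-10100 template still ends in `low`, while the context line at the top of the same hunk reads `cvss-score: 8.8`, which falls in the High band. Anyone who filters scan results or template runs by the severity tag would drop this finding. The `severity:` field sits above the hunk and is not visible here, so it needs the same check; if the score is the correct value, the line should read `tags: cve,wordpress,wp-plugin,dynamic-widgets,high`.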
diff --git a/nuclei-templates/2015/CVE-2015-9359-b0ce516bd34d943ae22cf500f3ff4c30.yaml b/nuclei-templates/2015/CVE-2015-9359-b0ce516bd34d943ae22cf500f3ff4c30.yaml index d5980cb903..1a508b75c5 100644 --- a/nuclei-templates/2015/CVE-2015-9359-b0ce516bd34d943ae22cf500f3ff4c30.yaml +++ b/nuclei-templates/2015/CVE-2015-9359-b0ce516bd34d943ae22cf500f3ff4c30.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/90e7951b-3834-48a3-8a40-2b6055d1b62c?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-9359 metadata: diff --git a/nuclei-templates/2016/CVE-2016-1000151-c5250cfbfc9c6088f5bd4dad269425f4.yaml b/nuclei-templates/2016/CVE-2016-1000151-c5250cfbfc9c6088f5bd4dad269425f4.yaml index d8b052424f..f2797c43ce 100644 --- a/nuclei-templates/2016/CVE-2016-1000151-c5250cfbfc9c6088f5bd4dad269425f4.yaml +++ b/nuclei-templates/2016/CVE-2016-1000151-c5250cfbfc9c6088f5bd4dad269425f4.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bbf5adc-df9c-4629-909c-932998c50508?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000151 metadata: diff --git a/nuclei-templates/2016/CVE-2016-10896-01c025a13662566a5354e86f2f632ec3.yaml b/nuclei-templates/2016/CVE-2016-10896-01c025a13662566a5354e86f2f632ec3.yaml index f0e6f1956d..c99c5db52a 100644 --- a/nuclei-templates/2016/CVE-2016-10896-01c025a13662566a5354e86f2f632ec3.yaml +++ b/nuclei-templates/2016/CVE-2016-10896-01c025a13662566a5354e86f2f632ec3.yaml 
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/11ad65cd-941f-4605-8b69-59146b2d59db?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-10896 metadata: diff --git a/nuclei-templates/2016/CVE-2016-10925-da4b1e5e333855d63441eddc58b98387.yaml b/nuclei-templates/2016/CVE-2016-10925-da4b1e5e333855d63441eddc58b98387.yaml index 17d9e3c802..f4860ebd55 100644 --- a/nuclei-templates/2016/CVE-2016-10925-da4b1e5e333855d63441eddc58b98387.yaml +++ b/nuclei-templates/2016/CVE-2016-10925-da4b1e5e333855d63441eddc58b98387.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1f0741-1ccc-497a-b239-3cefb1204f04?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-10925 metadata: diff --git a/nuclei-templates/2017/CVE-2017-1000170-22b977968cdfc3441165a4a3380516b6.yaml b/nuclei-templates/2017/CVE-2017-1000170-22b977968cdfc3441165a4a3380516b6.yaml new file mode 100644 index 0000000000..e7a9f1b072 --- /dev/null +++ b/nuclei-templates/2017/CVE-2017-1000170-22b977968cdfc3441165a4a3380516b6.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2017-1000170-22b977968cdfc3441165a4a3380516b6
+
+info:
+ name: >
+ JQueryFileTree <= 2.1.5 - Directory Traversal
+ author: topscoder
+ severity: high
+ description: >
+ Several WordPress plugins using the JqueryFileTree extension are vulnerable to Directory Traversal via the 'dir' parameter in various versions. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2017-1000170
+ metadata:
+ fofa-query: "wp-content/plugins/revision-manager-tmc/"
+ google-query: inurl:"/wp-content/plugins/revision-manager-tmc/"
+ shodan-query: 'vuln:CVE-2017-1000170'
+ tags: cve,wordpress,wp-plugin,revision-manager-tmc,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/revision-manager-tmc/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "revision-manager-tmc"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.91')
\ No newline at end of file
diff --git a/nuclei-templates/2017/CVE-2017-1000170-dad08f25d5df0d40356912a4b8ac0851.yaml b/nuclei-templates/2017/CVE-2017-1000170-dad08f25d5df0d40356912a4b8ac0851.yaml
index 56713c406b..ba2298c1c7 100644
--- a/nuclei-templates/2017/CVE-2017-1000170-dad08f25d5df0d40356912a4b8ac0851.yaml
+++ b/nuclei-templates/2017/CVE-2017-1000170-dad08f25d5df0d40356912a4b8ac0851.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000170 metadata: - fofa-query: "wp-content/plugins/better-search-tmc/" - google-query: inurl:"/wp-content/plugins/better-search-tmc/" + fofa-query: "wp-content/plugins/delightful-downloads/" + google-query: inurl:"/wp-content/plugins/delightful-downloads/" shodan-query: 'vuln:CVE-2017-1000170' - tags: cve,wordpress,wp-plugin,better-search-tmc,high + tags: cve,wordpress,wp-plugin,delightful-downloads,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/better-search-tmc/readme.txt" + - "{{BaseURL}}/wp-content/plugins/delightful-downloads/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "better-search-tmc" + - "delightful-downloads" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.52') \ No newline at end of file + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/2017/CVE-2017-16955-54b2c5bde330d2dc4614c1cb299f671b.yaml b/nuclei-templates/2017/CVE-2017-16955-54b2c5bde330d2dc4614c1cb299f671b.yaml index e9c21a1ded..94d248ad8d 100644 --- a/nuclei-templates/2017/CVE-2017-16955-54b2c5bde330d2dc4614c1cb299f671b.yaml +++ b/nuclei-templates/2017/CVE-2017-16955-54b2c5bde330d2dc4614c1cb299f671b.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/682b40ad-ca62-47eb-9abc-fd43122d11c8?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-16955 metadata: diff --git a/nuclei-templates/2017/CVE-2017-17780-1d06ba04665773dbc446c425e50dc0cb.yaml b/nuclei-templates/2017/CVE-2017-17780-1d06ba04665773dbc446c425e50dc0cb.yaml new file mode 100644 index 0000000000..b2c0adf0da --- /dev/null 
+++ b/nuclei-templates/2017/CVE-2017-17780-1d06ba04665773dbc446c425e50dc0cb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2017-17780-1d06ba04665773dbc446c425e50dc0cb
+
+info:
+ name: >
+ Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2017-17780
+ metadata:
+ fofa-query: "wp-content/plugins/fscf-sms/"
+ google-query: inurl:"/wp-content/plugins/fscf-sms/"
+ shodan-query: 'vuln:CVE-2017-17780'
+ tags: cve,wordpress,wp-plugin,fscf-sms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fscf-sms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fscf-sms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2017/CVE-2017-17780-4ceaab8a6ffc245f9c0e04b2ef7ad667.yaml b/nuclei-templates/2017/CVE-2017-17780-4ceaab8a6ffc245f9c0e04b2ef7ad667.yaml index afbcea57e8..1498bbdcd5 100644 --- a/nuclei-templates/2017/CVE-2017-17780-4ceaab8a6ffc245f9c0e04b2ef7ad667.yaml +++ b/nuclei-templates/2017/CVE-2017-17780-4ceaab8a6ffc245f9c0e04b2ef7ad667.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17780 metadata: - fofa-query: "wp-content/plugins/clockwork-two-factor-authentication/" - google-query: inurl:"/wp-content/plugins/clockwork-two-factor-authentication/" + fofa-query: "wp-content/plugins/formidable-sms/" + google-query: inurl:"/wp-content/plugins/formidable-sms/" shodan-query: 'vuln:CVE-2017-17780' - tags: cve,wordpress,wp-plugin,clockwork-two-factor-authentication,medium + tags: cve,wordpress,wp-plugin,formidable-sms,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/clockwork-two-factor-authentication/readme.txt" + - "{{BaseURL}}/wp-content/plugins/formidable-sms/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "clockwork-two-factor-authentication" + - "formidable-sms" part: body - type: dsl diff --git a/nuclei-templates/2017/CVE-2017-18496-a66f6415f281e8db135c6ab3fd9ef67b.yaml b/nuclei-templates/2017/CVE-2017-18496-a66f6415f281e8db135c6ab3fd9ef67b.yaml index 47abd5db8d..416e257acd 100644 --- a/nuclei-templates/2017/CVE-2017-18496-a66f6415f281e8db135c6ab3fd9ef67b.yaml +++ b/nuclei-templates/2017/CVE-2017-18496-a66f6415f281e8db135c6ab3fd9ef67b.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a6eac3b-823a-4a26-acb7-339357c10a07?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18496 metadata: 
diff --git a/nuclei-templates/2017/CVE-2017-18516-65214f5c162e5bb485a75406ca5c65f9.yaml b/nuclei-templates/2017/CVE-2017-18516-65214f5c162e5bb485a75406ca5c65f9.yaml index 33d1c9ec05..bb8a792b81 100644 --- a/nuclei-templates/2017/CVE-2017-18516-65214f5c162e5bb485a75406ca5c65f9.yaml +++ b/nuclei-templates/2017/CVE-2017-18516-65214f5c162e5bb485a75406ca5c65f9.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3db65e14-50c6-4afe-84e5-0785fe9bf77a?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18516 metadata: diff --git a/nuclei-templates/2017/CVE-2017-18534-6cce420a2897d67e6258e9a1d73a3922.yaml b/nuclei-templates/2017/CVE-2017-18534-6cce420a2897d67e6258e9a1d73a3922.yaml index 378d477436..3911c6f81b 100644 --- a/nuclei-templates/2017/CVE-2017-18534-6cce420a2897d67e6258e9a1d73a3922.yaml +++ b/nuclei-templates/2017/CVE-2017-18534-6cce420a2897d67e6258e9a1d73a3922.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/01b55b59-3107-4711-8be2-8b0803c0fa69?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18534 metadata: diff --git a/nuclei-templates/2017/CVE-2017-6573-8c712b4efe077d12237eba1df174c858.yaml b/nuclei-templates/2017/CVE-2017-6573-8c712b4efe077d12237eba1df174c858.yaml index 91c42fbc95..ff28b3891c 100644 --- a/nuclei-templates/2017/CVE-2017-6573-8c712b4efe077d12237eba1df174c858.yaml +++ b/nuclei-templates/2017/CVE-2017-6573-8c712b4efe077d12237eba1df174c858.yaml 
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b97c6171-3842-4f2b-adf5-28fc4c0b24bf?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2017-6573 metadata: diff --git a/nuclei-templates/2018/CVE-2018-11568-31cf1d001e62f9482ba2c7a5ad6c4fd6.yaml b/nuclei-templates/2018/CVE-2018-11568-31cf1d001e62f9482ba2c7a5ad6c4fd6.yaml index bd0aa27c14..a9056f68c4 100644 --- a/nuclei-templates/2018/CVE-2018-11568-31cf1d001e62f9482ba2c7a5ad6c4fd6.yaml +++ b/nuclei-templates/2018/CVE-2018-11568-31cf1d001e62f9482ba2c7a5ad6c4fd6.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac251c8-4ade-4391-aedd-f48b13045a31?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11568 metadata: diff --git a/nuclei-templates/2018/CVE-2018-19564-afe4d0a10754a820907d449c0c58fa17.yaml b/nuclei-templates/2018/CVE-2018-19564-afe4d0a10754a820907d449c0c58fa17.yaml index f2c1ef9685..7c0fc6a64b 100644 --- a/nuclei-templates/2018/CVE-2018-19564-afe4d0a10754a820907d449c0c58fa17.yaml +++ b/nuclei-templates/2018/CVE-2018-19564-afe4d0a10754a820907d449c0c58fa17.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/537acaf7-8d44-484d-9516-774a3de5573f?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-19564 metadata: 
diff --git a/nuclei-templates/2018/CVE-2018-20970-8592dadb85efcc37a8da6ea5884cd4bb.yaml b/nuclei-templates/2018/CVE-2018-20970-8592dadb85efcc37a8da6ea5884cd4bb.yaml index 5274b3c9c1..4bed854f74 100644 --- a/nuclei-templates/2018/CVE-2018-20970-8592dadb85efcc37a8da6ea5884cd4bb.yaml +++ b/nuclei-templates/2018/CVE-2018-20970-8592dadb85efcc37a8da6ea5884cd4bb.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e06032d-2e03-448b-9fe0-282d7723a605?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-20970 metadata: diff --git a/nuclei-templates/2018/CVE-2018-5655-8f43099de36d8f2b78f359435c03feea.yaml b/nuclei-templates/2018/CVE-2018-5655-8f43099de36d8f2b78f359435c03feea.yaml index 6bcea28b29..f3559a6547 100644 --- a/nuclei-templates/2018/CVE-2018-5655-8f43099de36d8f2b78f359435c03feea.yaml +++ b/nuclei-templates/2018/CVE-2018-5655-8f43099de36d8f2b78f359435c03feea.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd052762-5bd3-4008-b6b9-aca7be1151c2?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-5655 metadata: diff --git a/nuclei-templates/2019/CVE-2019-13344-27411a20705667f253000e3bdf7d17b3.yaml b/nuclei-templates/2019/CVE-2019-13344-27411a20705667f253000e3bdf7d17b3.yaml index a789d00530..d639ceaa83 100644 --- a/nuclei-templates/2019/CVE-2019-13344-27411a20705667f253000e3bdf7d17b3.yaml +++ b/nuclei-templates/2019/CVE-2019-13344-27411a20705667f253000e3bdf7d17b3.yaml 
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d054e4-0ef7-401d-9d81-24cc0f875432?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2019-13344 metadata: diff --git a/nuclei-templates/2019/CVE-2019-14788-a5e59b022bad7c4f515ef8a863828770.yaml b/nuclei-templates/2019/CVE-2019-14788-a5e59b022bad7c4f515ef8a863828770.yaml index ff2e1ecf95..d95ffe2ec0 100644 --- a/nuclei-templates/2019/CVE-2019-14788-a5e59b022bad7c4f515ef8a863828770.yaml +++ b/nuclei-templates/2019/CVE-2019-14788-a5e59b022bad7c4f515ef8a863828770.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7a7f9-f331-4d06-94ea-182535080a90?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2019-14788 metadata: diff --git a/nuclei-templates/2019/CVE-2019-14789-8cf140df45ecfa82174797166add05ca.yaml b/nuclei-templates/2019/CVE-2019-14789-8cf140df45ecfa82174797166add05ca.yaml index 15dd9cdae1..821efb2a2d 100644 --- a/nuclei-templates/2019/CVE-2019-14789-8cf140df45ecfa82174797166add05ca.yaml +++ b/nuclei-templates/2019/CVE-2019-14789-8cf140df45ecfa82174797166add05ca.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4aceec4-4832-4d83-98b3-f705c391b0c9?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-14789 metadata: 
diff --git a/nuclei-templates/2019/CVE-2019-15647-1250e41fd06aa0eb8fb22acbdc4e8efa.yaml b/nuclei-templates/2019/CVE-2019-15647-1250e41fd06aa0eb8fb22acbdc4e8efa.yaml index 2a6f69f3d6..43070d3670 100644 --- a/nuclei-templates/2019/CVE-2019-15647-1250e41fd06aa0eb8fb22acbdc4e8efa.yaml +++ b/nuclei-templates/2019/CVE-2019-15647-1250e41fd06aa0eb8fb22acbdc4e8efa.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2019-15647 metadata: diff --git a/nuclei-templates/2019/CVE-2019-15863-e310c09aa79819b997179f79035d64a8.yaml b/nuclei-templates/2019/CVE-2019-15863-e310c09aa79819b997179f79035d64a8.yaml index a6ce81f8d9..6ddea818a4 100644 --- a/nuclei-templates/2019/CVE-2019-15863-e310c09aa79819b997179f79035d64a8.yaml +++ b/nuclei-templates/2019/CVE-2019-15863-e310c09aa79819b997179f79035d64a8.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1836b1e-6c37-4a07-ac29-687d2eebd3ec?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2019-15863 metadata: diff --git a/nuclei-templates/2019/CVE-2019-15866-764a726453a65ad55f0285f3b12ec51b.yaml b/nuclei-templates/2019/CVE-2019-15866-764a726453a65ad55f0285f3b12ec51b.yaml index 396081b49a..7167a2fe51 100644 --- a/nuclei-templates/2019/CVE-2019-15866-764a726453a65ad55f0285f3b12ec51b.yaml +++ b/nuclei-templates/2019/CVE-2019-15866-764a726453a65ad55f0285f3b12ec51b.yaml 
@@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fbd7ee-cfd0-4621-9eb9-df0202657ce9?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2019-15866 metadata: diff --git a/nuclei-templates/2019/CVE-2019-16251-093b62d2e65d83ca6666227a38e869be.yaml b/nuclei-templates/2019/CVE-2019-16251-093b62d2e65d83ca6666227a38e869be.yaml new file mode 100644 index 0000000000..0efa18501f --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-093b62d2e65d83ca6666227a38e869be.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-093b62d2e65d83ca6666227a38e869be + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-request-a-quote/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-request-a-quote/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-0bec3a15d4acec0eca8ccf2ba13a3248.yaml b/nuclei-templates/2019/CVE-2019-16251-0bec3a15d4acec0eca8ccf2ba13a3248.yaml index 1231077f8e..5f5bf4f18a 100644 
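Review bot: `severity: low` and the trailing `low` tag in the new CVE-2019-16251-093b62d2e65d83ca6666227a38e869be.yaml disagree with the `cvss-score: 4.3` in its `classification` block, which is Medium on the CVSS v3.1 qualitative scale (4.0–6.9). The 6.1-scored CVE-2017-17780 template earlier in this diff is tagged `medium`, so the mapping otherwise follows CVSS. A scan or report filtered by severity would skip or under-rank these findings. Unless the project deliberately rates this CVE lower, use `severity: medium` and `tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,medium`. Every other CVE-2019-16251 template added or touched in this diff carries the same `low` values, so the correction probably belongs wherever these files are produced.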
--- a/nuclei-templates/2019/CVE-2019-16251-0bec3a15d4acec0eca8ccf2ba13a3248.yaml +++ b/nuclei-templates/2019/CVE-2019-16251-0bec3a15d4acec0eca8ccf2ba13a3248.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2019-16251 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" + fofa-query: "wp-content/plugins/yith-woocommerce-best-sellers/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-best-sellers/" shodan-query: 'vuln:CVE-2019-16251' - tags: cve,wordpress,wp-plugin,yith-woocommerce-authorizenet-payment-gateway,low + tags: cve,wordpress,wp-plugin,yith-woocommerce-best-sellers,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-best-sellers/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "yith-woocommerce-authorizenet-payment-gateway" + - "yith-woocommerce-best-sellers" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.1.12') \ No newline at end of file + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-103402336366a0bec4d8aac39f7cb878.yaml b/nuclei-templates/2019/CVE-2019-16251-103402336366a0bec4d8aac39f7cb878.yaml new file mode 100644 index 0000000000..1f446c5050 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-103402336366a0bec4d8aac39f7cb878.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-103402336366a0bec4d8aac39f7cb878 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-brands-add-on/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-brands-add-on/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-brands-add-on,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-brands-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-brands-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-112cd10f015557acc78ba7e0a845b801.yaml b/nuclei-templates/2019/CVE-2019-16251-112cd10f015557acc78ba7e0a845b801.yaml new file mode 100644 index 0000000000..641eb9aef3 
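Review bot: The only evidence this template collects is the `Stable tag:` value in the plugin's readme.txt, while the description places the flaw in the bundled YIT Plugin Framework through 3.3.8, so a match is an inference from the plugin version and not a confirmation. A stale readme can make it fire on a patched install, and a blocked readme.txt or a non-numeric stable tag yields no version at all (how `compare_versions` treats an empty value is not visible here). I would say so in the template with a comment above the dsl matcher: `# version-only check from readme.txt "Stable tag"; confirm the installed plugin version before triage`. The two `version` extractors share one regex and deserve a comment explaining why both exist, for example `# internal copy feeds the dsl matcher; the second one prints the version in results`, if that is indeed the intent. This applies equally to the other new CVE-2019-16251 files in this diff.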
--- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-112cd10f015557acc78ba7e0a845b801.yaml @@ -0,0 +1,59 @@ +id: CVE-2019-16251-112cd10f015557acc78ba7e0a845b801 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-multi-step-checkout/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-multi-step-checkout/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-multi-step-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-multi-step-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-multi-step-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-13caba3d4b2d93b621e9c3a2029674ee.yaml b/nuclei-templates/2019/CVE-2019-16251-13caba3d4b2d93b621e9c3a2029674ee.yaml new file mode 100644 index 0000000000..07b145cf6f --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-13caba3d4b2d93b621e9c3a2029674ee.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-13caba3d4b2d93b621e9c3a2029674ee + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-2439aaae45f24e028e156976457a141c.yaml b/nuclei-templates/2019/CVE-2019-16251-2439aaae45f24e028e156976457a141c.yaml new file mode 100644 index 0000000000..60fe018eb3 --- /dev/null 
+++ b/nuclei-templates/2019/CVE-2019-16251-2439aaae45f24e028e156976457a141c.yaml @@ -0,0 +1,59 @@ +id: CVE-2019-16251-2439aaae45f24e028e156976457a141c + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-quick-view/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-quick-view/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-quick-view,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-quick-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-quick-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.13') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-27bb0cb904db85a300ba3e8f6a433e15.yaml b/nuclei-templates/2019/CVE-2019-16251-27bb0cb904db85a300ba3e8f6a433e15.yaml new file mode 100644 index 0000000000..af89379857 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-27bb0cb904db85a300ba3e8f6a433e15.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-27bb0cb904db85a300ba3e8f6a433e15 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-recover-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-recover-abandoned-cart/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-recover-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-recover-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-recover-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-36672fa31d69f8c82579b2ad2bc7c480.yaml b/nuclei-templates/2019/CVE-2019-16251-36672fa31d69f8c82579b2ad2bc7c480.yaml new file mode 100644 index 0000000000..92ebdfbc0c --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-36672fa31d69f8c82579b2ad2bc7c480.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-36672fa31d69f8c82579b2ad2bc7c480 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-vendors/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-44f3bf3b26543fe110e3e61a30c0fa24.yaml b/nuclei-templates/2019/CVE-2019-16251-44f3bf3b26543fe110e3e61a30c0fa24.yaml new file mode 100644 index 0000000000..04604a77f2 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-44f3bf3b26543fe110e3e61a30c0fa24.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-44f3bf3b26543fe110e3e61a30c0fa24 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-added-to-cart-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-added-to-cart-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-added-to-cart-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-4ba2843cca017b7bf2c7cb9a09209155.yaml b/nuclei-templates/2019/CVE-2019-16251-4ba2843cca017b7bf2c7cb9a09209155.yaml new file mode 100644 index 0000000000..038156f8cb --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-4ba2843cca017b7bf2c7cb9a09209155.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-4ba2843cca017b7bf2c7cb9a09209155 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-bundles/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-bundles/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-bundles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-bundles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-bundles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-60eef60329c926016f466e7d0f1d1a44.yaml b/nuclei-templates/2019/CVE-2019-16251-60eef60329c926016f466e7d0f1d1a44.yaml new file mode 100644 index 0000000000..28ec565edc --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-60eef60329c926016f466e7d0f1d1a44.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-60eef60329c926016f466e7d0f1d1a44 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-pre-order-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-pre-order-for-woocommerce/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-pre-order-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-pre-order-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-pre-order-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-6944f02be5e91a508415ee14082d7816.yaml b/nuclei-templates/2019/CVE-2019-16251-6944f02be5e91a508415ee14082d7816.yaml new file mode 100644 index 0000000000..2678d2c791 
--- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-6944f02be5e91a508415ee14082d7816.yaml @@ -0,0 +1,59 @@ +id: CVE-2019-16251-6944f02be5e91a508415ee14082d7816 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-desktop-notifications-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-desktop-notifications-for-woocommerce/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-desktop-notifications-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-desktop-notifications-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-desktop-notifications-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-c15378d09d9f825ba598b7836f9cf921.yaml b/nuclei-templates/2019/CVE-2019-16251-c15378d09d9f825ba598b7836f9cf921.yaml index c32a0c4941..05ac6c5efa 100644 --- a/nuclei-templates/2019/CVE-2019-16251-c15378d09d9f825ba598b7836f9cf921.yaml +++ b/nuclei-templates/2019/CVE-2019-16251-c15378d09d9f825ba598b7836f9cf921.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2019-16251 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-order-tracking/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-order-tracking/" + fofa-query: "wp-content/plugins/yith-woocommerce-frequently-bought-together/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-frequently-bought-together/" shodan-query: 'vuln:CVE-2019-16251' - tags: cve,wordpress,wp-plugin,yith-woocommerce-order-tracking,low + tags: cve,wordpress,wp-plugin,yith-woocommerce-frequently-bought-together,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-order-tracking/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-frequently-bought-together/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "yith-woocommerce-order-tracking" + - "yith-woocommerce-frequently-bought-together" part: body - type: dsl diff --git a/nuclei-templates/2019/CVE-2019-16251-c19432b0e7da8380244317da5de37baf.yaml b/nuclei-templates/2019/CVE-2019-16251-c19432b0e7da8380244317da5de37baf.yaml index e9b1591eda..b2af582bb6 100644 --- a/nuclei-templates/2019/CVE-2019-16251-c19432b0e7da8380244317da5de37baf.yaml +++ b/nuclei-templates/2019/CVE-2019-16251-c19432b0e7da8380244317da5de37baf.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2019-16251 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-subscription/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-subscription/" + fofa-query: "wp-content/plugins/yith-woocommerce-social-login/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/" shodan-query: 'vuln:CVE-2019-16251' - tags: cve,wordpress,wp-plugin,yith-woocommerce-subscription,low + tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-subscription/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "yith-woocommerce-subscription" + - "yith-woocommerce-social-login" part: body - type: dsl diff --git a/nuclei-templates/2019/CVE-2019-16251-d5b4ff8d23c087b5da488a6656906438.yaml b/nuclei-templates/2019/CVE-2019-16251-d5b4ff8d23c087b5da488a6656906438.yaml new file mode 100644 index 0000000000..9abfeede56 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-d5b4ff8d23c087b5da488a6656906438.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2019-16251-d5b4ff8d23c087b5da488a6656906438
+
+info:
+ name: >
+ YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change
+ author: topscoder
+ severity: low
+ description: >
+ Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2019-16251
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-advanced-reviews/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-advanced-reviews/"
+ shodan-query: 'vuln:CVE-2019-16251'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-advanced-reviews,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-advanced-reviews/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-advanced-reviews"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.9')
\ No newline at end of file
diff --git a/nuclei-templates/2019/CVE-2019-16251-df482ce16578d1a3e011e21d709fd039.yaml b/nuclei-templates/2019/CVE-2019-16251-df482ce16578d1a3e011e21d709fd039.yaml new file mode 100644 index 0000000000..3badbc67c5 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-df482ce16578d1a3e011e21d709fd039.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-df482ce16578d1a3e011e21d709fd039 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-waiting-list/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-waiting-list/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-waiting-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-waiting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-waiting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-16251-e850d4242a587cba331f3cca01266759.yaml b/nuclei-templates/2019/CVE-2019-16251-e850d4242a587cba331f3cca01266759.yaml new file mode 100644 index 0000000000..6256f7c416 
--- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-e850d4242a587cba331f3cca01266759.yaml @@ -0,0 +1,59 @@ +id: CVE-2019-16251-e850d4242a587cba331f3cca01266759 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-affiliates/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-affiliates/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-affiliates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-affiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-affiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file 
diff --git a/nuclei-templates/2019/CVE-2019-16251-f7034bb791adc26a841c779937603486.yaml b/nuclei-templates/2019/CVE-2019-16251-f7034bb791adc26a841c779937603486.yaml new file mode 100644 index 0000000000..94069a8447 --- /dev/null +++ b/nuclei-templates/2019/CVE-2019-16251-f7034bb791adc26a841c779937603486.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2019-16251-f7034bb791adc26a841c779937603486 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + Various versions of a various YITH WooCommerce plugins that use the YIT Plugin Framework through 3.3.8 are vulnerable to authorization bypass due to a missing capability check in the the 'save_toggle_element_options' function in .plugin-fw/lib/yit-plugin-panel-wc.php. This allows authenticated users with subscriber-level permissions or above to change arbitrary plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2019-16251 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-pdf-invoice/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-pdf-invoice/" + shodan-query: 'vuln:CVE-2019-16251' + tags: cve,wordpress,wp-plugin,yith-woocommerce-pdf-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-pdf-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-pdf-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-17230-ad2cbba57bdd86ac70bb3eb472648e22.yaml b/nuclei-templates/2019/CVE-2019-17230-ad2cbba57bdd86ac70bb3eb472648e22.yaml index 889a05202f..1aea4c1b98 100644 
--- a/nuclei-templates/2019/CVE-2019-17230-ad2cbba57bdd86ac70bb3eb472648e22.yaml +++ b/nuclei-templates/2019/CVE-2019-17230-ad2cbba57bdd86ac70bb3eb472648e22.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17230 metadata: - fofa-query: "wp-content/themes/onetone/" - google-query: inurl:"/wp-content/themes/onetone/" + fofa-query: "wp-content/plugins/onetone-companion/" + google-query: inurl:"/wp-content/plugins/onetone-companion/" shodan-query: 'vuln:CVE-2019-17230' - tags: cve,wordpress,wp-theme,onetone,critical + tags: cve,wordpress,wp-plugin,onetone-companion,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/onetone/style.css" + - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Version: ([0-9.]+)" + - "(?mi)Stable tag: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Version: ([0-9.]+)" + - "(?mi)Stable tag: ([0-9.]+)" matchers-condition: and matchers: @@ -51,9 +51,9 @@ http: - type: word words: - - "onetone" + - "onetone-companion" part: body - type: dsl dsl: - - compare_versions(version, '<= 3.0.6') \ No newline at end of file + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-17231-4f51818075b8a913504d89703b935025.yaml b/nuclei-templates/2019/CVE-2019-17231-4f51818075b8a913504d89703b935025.yaml index 03025c2613..f6aad2e598 100644 --- a/nuclei-templates/2019/CVE-2019-17231-4f51818075b8a913504d89703b935025.yaml +++ b/nuclei-templates/2019/CVE-2019-17231-4f51818075b8a913504d89703b935025.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.2 cve-id: CVE-2019-17231 metadata: - fofa-query: "wp-content/themes/onetone/" - google-query: inurl:"/wp-content/themes/onetone/" + fofa-query: "wp-content/plugins/onetone-companion/" + google-query: inurl:"/wp-content/plugins/onetone-companion/" shodan-query: 'vuln:CVE-2019-17231' - tags: cve,wordpress,wp-theme,onetone,high + tags: cve,wordpress,wp-plugin,onetone-companion,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/onetone/style.css" + - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Version: ([0-9.]+)" + - "(?mi)Stable tag: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Version: ([0-9.]+)" + - "(?mi)Stable tag: ([0-9.]+)" matchers-condition: and matchers: @@ -51,9 +51,9 @@ http: - type: word words: - - "onetone" + - "onetone-companion" part: body - type: dsl dsl: - - compare_versions(version, '<= 3.0.6') \ No newline at end of file + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2019/CVE-2019-25212-cf8915aa91ee39b2dc6d30f9dfffa142.yaml b/nuclei-templates/2019/CVE-2019-25212-cf8915aa91ee39b2dc6d30f9dfffa142.yaml index 0a1d49f994..e07a1df33f 100644 --- a/nuclei-templates/2019/CVE-2019-25212-cf8915aa91ee39b2dc6d30f9dfffa142.yaml +++ b/nuclei-templates/2019/CVE-2019-25212-cf8915aa91ee39b2dc6d30f9dfffa142.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 cve-id: CVE-2019-25212 metadata: fofa-query: "wp-content/plugins/wp-responsive-video-gallery-with-lightbox/" 
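Review bot: The `severity:` field and the severity tag of the CVE-2019-25212 template look stale after this change. The hunk lowers the score from 9.1 to `cvss-score: 4.9`, which is Medium on the CVSS v3.1 scale, but it is the only hunk for that file, so the `severity:` line and the last entry of `tags:` (both outside the hunk) presumably still carry the value that matched 9.1. The CVE-2021-20780 change in this same diff shows the intended pattern by updating `severity:` and `tags:` together with the rating. I would add the matching edits here, `severity: medium` and a `medium` tag in place of the old one, so that severity-based filtering and triage do not over-rank this finding.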
diff --git a/nuclei-templates/2020/CVE-2020-11023-3beb604b5149be28498143011514aa9e.yaml b/nuclei-templates/2020/CVE-2020-11023-3beb604b5149be28498143011514aa9e.yaml index dac97e4330..712e7a3473 100644 --- a/nuclei-templates/2020/CVE-2020-11023-3beb604b5149be28498143011514aa9e.yaml +++ b/nuclei-templates/2020/CVE-2020-11023-3beb604b5149be28498143011514aa9e.yaml @@ -2,11 +2,11 @@ id: CVE-2020-11023-3beb604b5149be28498143011514aa9e info: name: > - jQuery Manager for WordPress <= 1.10.4 - Running Vulnerable Dependency + jQuery Manager for WordPress <= 1.10.4 & jQuery Migrate Helper <= 1.4.1- Running Vulnerable Dependency author: topscoder severity: medium description: > - The jQuery Manager for WordPress plugin for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.10.4. This makes it possible for unauthenticated attackers to malicious web scripts, though it is not verified that the plugin is exploitable through CVE-2020-11023. + The jQuery Manager for WordPress plugin for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.10.4 and the Enable jQuery Migrate Helper for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to malicious web scripts, though it is not verified that the plugin is exploitable through CVE-2020-11023. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/21a27a8b-f599-42b9-9439-4456995dd3fe?source=api-prod diff --git a/nuclei-templates/2020/CVE-2020-11023-cdac0566d7e2780e16ba20fc5a8d2987.yaml b/nuclei-templates/2020/CVE-2020-11023-cdac0566d7e2780e16ba20fc5a8d2987.yaml new file mode 100644 index 0000000000..dba315f77b --- /dev/null +++ b/nuclei-templates/2020/CVE-2020-11023-cdac0566d7e2780e16ba20fc5a8d2987.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2020-11023-cdac0566d7e2780e16ba20fc5a8d2987
+
+info:
+ name: >
+ jQuery Manager for WordPress <= 1.10.4 & jQuery Migrate Helper <= 1.4.1- Running Vulnerable Dependency
+ author: topscoder
+ severity: medium
+ description: >
+ The jQuery Manager for WordPress plugin for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.10.4 and the Enable jQuery Migrate Helper for WordPress is running a vulnerable version of jQuery in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to malicious web scripts, though it is not verified that the plugin is exploitable through CVE-2020-11023.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/21a27a8b-f599-42b9-9439-4456995dd3fe?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2020-11023
+ metadata:
+ fofa-query: "wp-content/plugins/enable-jquery-migrate-helper/"
+ google-query: inurl:"/wp-content/plugins/enable-jquery-migrate-helper/"
+ shodan-query: 'vuln:CVE-2020-11023'
+ tags: cve,wordpress,wp-plugin,enable-jquery-migrate-helper,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/enable-jquery-migrate-helper/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "enable-jquery-migrate-helper"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
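Review bot: The last sentence of `description:` is missing its verb: `unauthenticated attackers to malicious web scripts` presumably should read `unauthenticated attackers to inject malicious web scripts`. The `name:` also has `1.4.1- Running` where ` - ` is meant. The same wording is introduced in the modified CVE-2020-11023 template just before this file, so both should be corrected together. Because the description itself states that exploitability through CVE-2020-11023 is not verified, a clear sentence matters for whoever triages a match.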
diff --git a/nuclei-templates/2020/CVE-2020-35945-eb9209b0a0717c8108ea65e4ab735c91.yaml b/nuclei-templates/2020/CVE-2020-35945-eb9209b0a0717c8108ea65e4ab735c91.yaml index 79ec2e1adb..ef5a7095c5 100644 --- a/nuclei-templates/2020/CVE-2020-35945-eb9209b0a0717c8108ea65e4ab735c91.yaml +++ b/nuclei-templates/2020/CVE-2020-35945-eb9209b0a0717c8108ea65e4ab735c91.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2020-35945 metadata: - fofa-query: "wp-content/plugins/divi-builder/" - google-query: inurl:"/wp-content/plugins/divi-builder/" + fofa-query: "wp-content/themes/extra/" + google-query: inurl:"/wp-content/themes/extra/" shodan-query: 'vuln:CVE-2020-35945' - tags: cve,wordpress,wp-plugin,divi-builder,low + tags: cve,wordpress,wp-theme,extra,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt" + - "{{BaseURL}}/wp-content/themes/extra/style.css" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" matchers-condition: and matchers: @@ -51,7 +51,7 @@ http: - type: word words: - - "divi-builder" + - "extra" part: body - type: dsl diff --git a/nuclei-templates/2020/CVE-2020-36656-41f775fa26aacfcd553745b9f803aa76.yaml b/nuclei-templates/2020/CVE-2020-36656-41f775fa26aacfcd553745b9f803aa76.yaml index a365806f97..1a04212cbc 100644 --- a/nuclei-templates/2020/CVE-2020-36656-41f775fa26aacfcd553745b9f803aa76.yaml +++ b/nuclei-templates/2020/CVE-2020-36656-41f775fa26aacfcd553745b9f803aa76.yaml 
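Review bot: The new `tags:` line of the CVE-2020-35945 template ends in `low` while the context line just above it keeps `cvss-score: 8.8`, which is High on the CVSS v3.1 scale. The `severity:` field sits outside this hunk, so I cannot tell whether it has the same mismatch; it should be checked together with the tag. I would write `tags: cve,wordpress,wp-theme,extra,high` so that scans filtered by tag do not drop an 8.8 finding.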
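Review bot: The word matcher `- "extra"` in the last CVE-2020-35945 hunk is weak evidence that the response really is this theme's stylesheet. Word matchers are case-sensitive unless `case-insensitive: true` is set, so a bare lowercase `extra` may be absent from a genuine theme header, and it is generic enough to appear in unrelated CSS. Matching the header field would be more reliable, for example `- "Theme Name: Extra"` if that is how the theme's `style.css` header reads (to be confirmed against a real copy). The matcher block continues outside the hunk.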
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d9b5f4e-5d98-49b2-adbb-1db906b07c45?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2020-36656 metadata: fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" diff --git a/nuclei-templates/2020/CVE-2020-36708-635c1a5732b95cf225c7d156b75d64cd.yaml b/nuclei-templates/2020/CVE-2020-36708-635c1a5732b95cf225c7d156b75d64cd.yaml index b7328cf180..70e76f4139 100644 --- a/nuclei-templates/2020/CVE-2020-36708-635c1a5732b95cf225c7d156b75d64cd.yaml +++ b/nuclei-templates/2020/CVE-2020-36708-635c1a5732b95cf225c7d156b75d64cd.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2020-36708 metadata: - fofa-query: "wp-content/themes/allegiant/" - google-query: inurl:"/wp-content/themes/allegiant/" + fofa-query: "wp-content/themes/medzone-lite/" + google-query: inurl:"/wp-content/themes/medzone-lite/" shodan-query: 'vuln:CVE-2020-36708' - tags: cve,wordpress,wp-theme,allegiant,critical + tags: cve,wordpress,wp-theme,medzone-lite,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/allegiant/style.css" + - "{{BaseURL}}/wp-content/themes/medzone-lite/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "allegiant" + - "medzone-lite" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.2.2') \ No newline at end of file + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/2020/CVE-2020-36708-737d5d82567f8a4fa51260f2b3c8531d.yaml b/nuclei-templates/2020/CVE-2020-36708-737d5d82567f8a4fa51260f2b3c8531d.yaml new file mode 100644 index 0000000000..9281238537 --- /dev/null +++ b/nuclei-templates/2020/CVE-2020-36708-737d5d82567f8a4fa51260f2b3c8531d.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2020-36708-737d5d82567f8a4fa51260f2b3c8531d
+
+info:
+ name: >
+ Epsilon Framework Themes (Various Versions) - Function Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2020-36708
+ metadata:
+ fofa-query: "wp-content/themes/pixova-lite/"
+ google-query: inurl:"/wp-content/themes/pixova-lite/"
+ shodan-query: 'vuln:CVE-2020-36708'
+ tags: cve,wordpress,wp-theme,pixova-lite,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/pixova-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pixova-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
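Review bot: Nothing in this template tells the reader that it is a version fingerprint, while `severity: critical` and the description speak of unauthenticated remote code execution. The single request reads `style.css` and compares the `Version:` header with `<= 2.0.5`; it never exercises `epsilon_framework_ajax_action`, so a match means only that the advertised version is in range. A site that blocks or edits `style.css` produces no result either way. I would add a comment above `http:` such as `# Version fingerprint only: reports the advertised theme version, not that the issue is reachable; confirm before treating as verified.` The same comment fits the other version-comparison templates added in this diff.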
diff --git a/nuclei-templates/2020/CVE-2020-36836-bc7dcce907d24c1cc57ce247d7d64bbe.yaml b/nuclei-templates/2020/CVE-2020-36836-bc7dcce907d24c1cc57ce247d7d64bbe.yaml index a9937c250a..d0223d78f6 100644 --- a/nuclei-templates/2020/CVE-2020-36836-bc7dcce907d24c1cc57ce247d7d64bbe.yaml +++ b/nuclei-templates/2020/CVE-2020-36836-bc7dcce907d24c1cc57ce247d7d64bbe.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/82f80916-37ab-4c5a-9787-2544c620acac?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8 cve-id: CVE-2020-36836 metadata: fofa-query: "wp-content/plugins/wp-fastest-cache/" diff --git a/nuclei-templates/2020/CVE-2020-5611-5019c1e54578edf249449a647c42c97c.yaml b/nuclei-templates/2020/CVE-2020-5611-5019c1e54578edf249449a647c42c97c.yaml index 23b91af000..04c3c9e4d0 100644 --- a/nuclei-templates/2020/CVE-2020-5611-5019c1e54578edf249449a647c42c97c.yaml +++ b/nuclei-templates/2020/CVE-2020-5611-5019c1e54578edf249449a647c42c97c.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5611 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2020-5611/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2020-5611/" + fofa-query: "wp-content/plugins/social-rocket/" + google-query: inurl:"/wp-content/plugins/social-rocket/" shodan-query: 'vuln:CVE-2020-5611' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2020-5611,high + tags: cve,wordpress,wp-plugin,social-rocket,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2020-5611/readme.txt" + - "{{BaseURL}}/wp-content/plugins/social-rocket/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2020-5611" + - "social-rocket" part: body - type: dsl 
diff --git a/nuclei-templates/2021/CVE-2021-20780-cac6fe18c35e4993af6dc0ef29990f7b.yaml b/nuclei-templates/2021/CVE-2021-20780-cac6fe18c35e4993af6dc0ef29990f7b.yaml index bbef25281c..f06df403c7 100644 --- a/nuclei-templates/2021/CVE-2021-20780-cac6fe18c35e4993af6dc0ef29990f7b.yaml +++ b/nuclei-templates/2021/CVE-2021-20780-cac6fe18c35e4993af6dc0ef29990f7b.yaml @@ -4,7 +4,7 @@ info: name: > Currency Switcher <= 1.1.6 - Cross-site request forgery author: topscoder - severity: high + severity: medium description: > The Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the print_plugin_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts granted they can trick a site administrator into performing an action such as clicking on a link. reference: @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/currency-switcher/" google-query: inurl:"/wp-content/plugins/currency-switcher/" shodan-query: 'vuln:CVE-2021-20780' - tags: cve,wordpress,wp-plugin,currency-switcher,high + tags: cve,wordpress,wp-plugin,currency-switcher,medium http: - method: GET diff --git a/nuclei-templates/2021/CVE-2021-20865-7a221176f86280a268c66fee0493cda7.yaml b/nuclei-templates/2021/CVE-2021-20865-7a221176f86280a268c66fee0493cda7.yaml index 5d944b1542..f87c376492 100644 --- a/nuclei-templates/2021/CVE-2021-20865-7a221176f86280a268c66fee0493cda7.yaml +++ b/nuclei-templates/2021/CVE-2021-20865-7a221176f86280a268c66fee0493cda7.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20865 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2021-20865' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-20866-0024bf4ae8e10ec53bcbb3b682375313.yaml b/nuclei-templates/2021/CVE-2021-20866-0024bf4ae8e10ec53bcbb3b682375313.yaml index 2c0cbde456..1bd343741b 100644 --- a/nuclei-templates/2021/CVE-2021-20866-0024bf4ae8e10ec53bcbb3b682375313.yaml +++ b/nuclei-templates/2021/CVE-2021-20866-0024bf4ae8e10ec53bcbb3b682375313.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2021-20866 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2021-20866' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-20867-4d7b83e39ddf928e5339b2fd74abaf77.yaml b/nuclei-templates/2021/CVE-2021-20867-4d7b83e39ddf928e5339b2fd74abaf77.yaml index d8d80bbd5d..708bba4fdb 100644 --- a/nuclei-templates/2021/CVE-2021-20867-4d7b83e39ddf928e5339b2fd74abaf77.yaml +++ b/nuclei-templates/2021/CVE-2021-20867-4d7b83e39ddf928e5339b2fd74abaf77.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2021-20867 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2021-20867' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24219-54de33e22c3997733deb7db26e9a9628.yaml b/nuclei-templates/2021/CVE-2021-24219-54de33e22c3997733deb7db26e9a9628.yaml new file mode 100644 index 0000000000..18fc545cd0 --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24219-54de33e22c3997733deb7db26e9a9628.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2021-24219-54de33e22c3997733deb7db26e9a9628 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: medium + description: > + The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table. 
+ reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2021-24219 + metadata: + fofa-query: "wp-content/plugins/thrive-visual-editor/" + google-query: inurl:"/wp-content/plugins/thrive-visual-editor/" + shodan-query: 'vuln:CVE-2021-24219' + tags: cve,wordpress,wp-plugin,thrive-visual-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-visual-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-visual-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.7.4') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-24219-58079206bc5717c79c2fd830b6ebb469.yaml b/nuclei-templates/2021/CVE-2021-24219-58079206bc5717c79c2fd830b6ebb469.yaml new file mode 100644 index 0000000000..9f6a0b3670 --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24219-58079206bc5717c79c2fd830b6ebb469.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2021-24219-58079206bc5717c79c2fd830b6ebb469
+
+info:
+ name: >
+ Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-24219
+ metadata:
+ fofa-query: "wp-content/plugins/thrive-ovation/"
+ google-query: inurl:"/wp-content/plugins/thrive-ovation/"
+ shodan-query: 'vuln:CVE-2021-24219'
+ tags: cve,wordpress,wp-plugin,thrive-ovation,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/thrive-ovation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "thrive-ovation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.4.5')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24219-706b5a7fe42488b10e5cde453299c66e.yaml b/nuclei-templates/2021/CVE-2021-24219-706b5a7fe42488b10e5cde453299c66e.yaml
new file mode 100644
index 0000000000..c559845915
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24219-706b5a7fe42488b10e5cde453299c66e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24219-706b5a7fe42488b10e5cde453299c66e
+
+info:
+ name: >
+ Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-24219
+ metadata:
+ fofa-query: "wp-content/themes/focusblog/"
+ google-query: inurl:"/wp-content/themes/focusblog/"
+ shodan-query: 'vuln:CVE-2021-24219'
+ tags: cve,wordpress,wp-theme,focusblog,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/focusblog/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "focusblog"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24219-a0fe01d3c9acd4fe8776c1da6cafcfbe.yaml b/nuclei-templates/2021/CVE-2021-24219-a0fe01d3c9acd4fe8776c1da6cafcfbe.yaml
new file mode 100644
index 0000000000..76721b48e5
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24219-a0fe01d3c9acd4fe8776c1da6cafcfbe.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24219-a0fe01d3c9acd4fe8776c1da6cafcfbe
+
+info:
+ name: >
+ Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-24219
+ metadata:
+ fofa-query: "wp-content/plugins/thrive-headline-optimizer/"
+ google-query: inurl:"/wp-content/plugins/thrive-headline-optimizer/"
+ shodan-query: 'vuln:CVE-2021-24219'
+ tags: cve,wordpress,wp-plugin,thrive-headline-optimizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/thrive-headline-optimizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "thrive-headline-optimizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.7.3')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24219-a54d76b055f9898a00e9b082b78033db.yaml b/nuclei-templates/2021/CVE-2021-24219-a54d76b055f9898a00e9b082b78033db.yaml
new file mode 100644
index 0000000000..63f2c0729e
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24219-a54d76b055f9898a00e9b082b78033db.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24219-a54d76b055f9898a00e9b082b78033db
+
+info:
+ name: >
+ Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2021-24219
+ metadata:
+ fofa-query: "wp-content/plugins/thrive-comments/"
+ google-query: inurl:"/wp-content/plugins/thrive-comments/"
+ shodan-query: 'vuln:CVE-2021-24219'
+ tags: cve,wordpress,wp-plugin,thrive-comments,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/thrive-comments/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "thrive-comments"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.15.3')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24219-c9b69e3c9509c44107c1a5a373207fe1.yaml b/nuclei-templates/2021/CVE-2021-24219-c9b69e3c9509c44107c1a5a373207fe1.yaml
index a7c756ea56..5afd003c73 100644
--- a/nuclei-templates/2021/CVE-2021-24219-c9b69e3c9509c44107c1a5a373207fe1.yaml
+++ b/nuclei-templates/2021/CVE-2021-24219-c9b69e3c9509c44107c1a5a373207fe1.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2021-24219 metadata: - fofa-query: "wp-content/plugins/thrive-leads/" - google-query: inurl:"/wp-content/plugins/thrive-leads/" + fofa-query: "wp-content/plugins/thrive-quiz-builder/" + google-query: inurl:"/wp-content/plugins/thrive-quiz-builder/" shodan-query: 'vuln:CVE-2021-24219' - tags: cve,wordpress,wp-plugin,thrive-leads,medium + tags: cve,wordpress,wp-plugin,thrive-quiz-builder,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/thrive-leads/readme.txt" + - "{{BaseURL}}/wp-content/plugins/thrive-quiz-builder/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "thrive-leads" + - "thrive-quiz-builder" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24220-43066de62dd7d7f501f721c9396b60f8.yaml b/nuclei-templates/2021/CVE-2021-24220-43066de62dd7d7f501f721c9396b60f8.yaml index 8c533c2435..2e9a9dd0f6 100644 --- a/nuclei-templates/2021/CVE-2021-24220-43066de62dd7d7f501f721c9396b60f8.yaml +++ b/nuclei-templates/2021/CVE-2021-24220-43066de62dd7d7f501f721c9396b60f8.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.1 cve-id: CVE-2021-24220 metadata: - fofa-query: "wp-content/themes/ignition/" - google-query: inurl:"/wp-content/themes/ignition/" + fofa-query: "wp-content/themes/focusblog/" + google-query: inurl:"/wp-content/themes/focusblog/" shodan-query: 'vuln:CVE-2021-24220' - tags: cve,wordpress,wp-theme,ignition,critical + tags: cve,wordpress,wp-theme,focusblog,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/ignition/style.css" + - "{{BaseURL}}/wp-content/themes/focusblog/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ignition" + - "focusblog" part: body - type: dsl 
diff --git a/nuclei-templates/2021/CVE-2021-24387-46cf78e6de50515d5a8ff1b6a59818c9.yaml b/nuclei-templates/2021/CVE-2021-24387-46cf78e6de50515d5a8ff1b6a59818c9.yaml index 05d68de764..c5d2b14c62 100644 --- a/nuclei-templates/2021/CVE-2021-24387-46cf78e6de50515d5a8ff1b6a59818c9.yaml +++ b/nuclei-templates/2021/CVE-2021-24387-46cf78e6de50515d5a8ff1b6a59818c9.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24387 metadata: - fofa-query: "wp-content/plugins/realestate-7/" - google-query: inurl:"/wp-content/plugins/realestate-7/" + fofa-query: "wp-content/themes/realestate-7/" + google-query: inurl:"/wp-content/themes/realestate-7/" shodan-query: 'vuln:CVE-2021-24387' - tags: cve,wordpress,wp-plugin,realestate-7,low + tags: cve,wordpress,wp-theme,realestate-7,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/realestate-7/readme.txt" + - "{{BaseURL}}/wp-content/themes/realestate-7/style.css" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" matchers-condition: and matchers: diff --git a/nuclei-templates/2021/CVE-2021-24389-06a3e9b6b25dd1aa8ca593f5bb9ce3d3.yaml b/nuclei-templates/2021/CVE-2021-24389-06a3e9b6b25dd1aa8ca593f5bb9ce3d3.yaml index 8f309414e1..976ae4d993 100644 --- a/nuclei-templates/2021/CVE-2021-24389-06a3e9b6b25dd1aa8ca593f5bb9ce3d3.yaml +++ b/nuclei-templates/2021/CVE-2021-24389-06a3e9b6b25dd1aa8ca593f5bb9ce3d3.yaml 
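Review bot: The `tags` line in the first hunk keeps `low` although the context directly above it shows `cvss-score: 6.1`, which falls in the CVSS v3 medium band (4.0–6.9). If the `severity:` field, which is outside this hunk, is `medium`, the tag should read `tags: cve,wordpress,wp-theme,realestate-7,medium`. If the field is `low`, then score and severity disagree and anyone filtering scan results by severity will under-rank this finding, so one of the two needs correcting.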
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24389 metadata: - fofa-query: "wp-content/themes/foodbakery/" - google-query: inurl:"/wp-content/themes/foodbakery/" + fofa-query: "wp-content/themes/wp-foodbakery/" + google-query: inurl:"/wp-content/themes/wp-foodbakery/" shodan-query: 'vuln:CVE-2021-24389' - tags: cve,wordpress,wp-theme,foodbakery,medium + tags: cve,wordpress,wp-theme,wp-foodbakery,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/foodbakery/style.css" + - "{{BaseURL}}/wp-content/themes/wp-foodbakery/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "foodbakery" + - "wp-foodbakery" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24435-009120dc5f35a3a803987bbf5221415c.yaml b/nuclei-templates/2021/CVE-2021-24435-009120dc5f35a3a803987bbf5221415c.yaml new file mode 100644 index 0000000000..ada763e1be --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24435-009120dc5f35a3a803987bbf5221415c.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-009120dc5f35a3a803987bbf5221415c
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/awesome-support/"
+ google-query: inurl:"/wp-content/plugins/awesome-support/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,awesome-support,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "awesome-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.0.10')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-0df4c6a7367dba45cb9bc65d1d03fa5b.yaml b/nuclei-templates/2021/CVE-2021-24435-0df4c6a7367dba45cb9bc65d1d03fa5b.yaml
new file mode 100644
index 0000000000..6e72c332d9
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-0df4c6a7367dba45cb9bc65d1d03fa5b.yaml
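Review bot: The `name` value `Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting` has a dangling `<=` and is identical in every CVE-2021-24435 template this commit adds, so findings can only be told apart by the hashed id or the tags. The request fingerprints the `awesome-support` readme rather than the `iframe-font-preview.php` file named in the description, so the plugin and its bound belong in the name, for example `awesome-support <= 6.0.10 (Titan Framework) - Reflected Cross-Site Scripting`. The same holds for the mobile-menu, easy-justified-gallery, template-events-calendar, webhotelier, icustomizer, w3s-cf7-zoho, live-chat-facebook-fanpage, station-pro and yandex-money-button templates added alongside it.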
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-0df4c6a7367dba45cb9bc65d1d03fa5b
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/mobile-menu/"
+ google-query: inurl:"/wp-content/plugins/mobile-menu/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,mobile-menu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mobile-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mobile-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-381f1f39ead87399e7fb2add80383d51.yaml b/nuclei-templates/2021/CVE-2021-24435-381f1f39ead87399e7fb2add80383d51.yaml
new file mode 100644
index 0000000000..ab41226007
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-381f1f39ead87399e7fb2add80383d51.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-381f1f39ead87399e7fb2add80383d51
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/easy-justified-gallery/"
+ google-query: inurl:"/wp-content/plugins/easy-justified-gallery/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,easy-justified-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-justified-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-justified-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-4e3c9d8e54fc2a50ab4e933460720ef6.yaml b/nuclei-templates/2021/CVE-2021-24435-4e3c9d8e54fc2a50ab4e933460720ef6.yaml
new file mode 100644
index 0000000000..c7c2b6459a
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-4e3c9d8e54fc2a50ab4e933460720ef6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-4e3c9d8e54fc2a50ab4e933460720ef6
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/template-events-calendar/"
+ google-query: inurl:"/wp-content/plugins/template-events-calendar/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,template-events-calendar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/template-events-calendar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "template-events-calendar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-508d64feb98ec5947a87a885b3c3077f.yaml b/nuclei-templates/2021/CVE-2021-24435-508d64feb98ec5947a87a885b3c3077f.yaml
new file mode 100644
index 0000000000..e5cf8eab41
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-508d64feb98ec5947a87a885b3c3077f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-508d64feb98ec5947a87a885b3c3077f
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/webhotelier/"
+ google-query: inurl:"/wp-content/plugins/webhotelier/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,webhotelier,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/webhotelier/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "webhotelier"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-576a6480b668e0d4231e26bf8cfec0b9.yaml b/nuclei-templates/2021/CVE-2021-24435-576a6480b668e0d4231e26bf8cfec0b9.yaml
new file mode 100644
index 0000000000..3a910d7f26
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-576a6480b668e0d4231e26bf8cfec0b9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-576a6480b668e0d4231e26bf8cfec0b9
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/icustomizer/"
+ google-query: inurl:"/wp-content/plugins/icustomizer/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,icustomizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/icustomizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "icustomizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.13')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-638f818373849250ce75bd656aba583e.yaml b/nuclei-templates/2021/CVE-2021-24435-638f818373849250ce75bd656aba583e.yaml
index 0b05fed755..79e88045d3 100644
--- a/nuclei-templates/2021/CVE-2021-24435-638f818373849250ce75bd656aba583e.yaml
+++ b/nuclei-templates/2021/CVE-2021-24435-638f818373849250ce75bd656aba583e.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24435 metadata: - fofa-query: "wp-content/plugins/amp-extensions/" - google-query: inurl:"/wp-content/plugins/amp-extensions/" + fofa-query: "wp-content/plugins/affiliate-pro/" + google-query: inurl:"/wp-content/plugins/affiliate-pro/" shodan-query: 'vuln:CVE-2021-24435' - tags: cve,wordpress,wp-plugin,amp-extensions,medium + tags: cve,wordpress,wp-plugin,affiliate-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/amp-extensions/readme.txt" + - "{{BaseURL}}/wp-content/plugins/affiliate-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "amp-extensions" + - "affiliate-pro" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24435-7dda370fc53fcd36c41a44687f7a8679.yaml b/nuclei-templates/2021/CVE-2021-24435-7dda370fc53fcd36c41a44687f7a8679.yaml new file mode 100644 index 0000000000..4ff0584dab --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24435-7dda370fc53fcd36c41a44687f7a8679.yaml 
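Review bot: The version bound under `- type: dsl` lies outside the second hunk and is therefore unchanged, although the slug it is evaluated against switches from `amp-extensions` to `affiliate-pro` in the path, queries, tags and word matcher. The sibling CVE-2021-24435 templates carry a different bound per plugin (`<= 6.0.10`, `<= 2.8.2.2`, `< 1.7.2`), so the retained value should be confirmed as the one for affiliate-pro; a stale bound would either flag patched hosts or miss vulnerable ones. It is also worth confirming that amp-extensions is still covered by another template, since this id no longer looks for it.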
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-7dda370fc53fcd36c41a44687f7a8679
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/w3s-cf7-zoho/"
+ google-query: inurl:"/wp-content/plugins/w3s-cf7-zoho/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,w3s-cf7-zoho,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/w3s-cf7-zoho/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "w3s-cf7-zoho"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-a4a9aab94bfeb6bc60d5a57c51dbc88f.yaml b/nuclei-templates/2021/CVE-2021-24435-a4a9aab94bfeb6bc60d5a57c51dbc88f.yaml
new file mode 100644
index 0000000000..24cbaf12fa
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-a4a9aab94bfeb6bc60d5a57c51dbc88f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-a4a9aab94bfeb6bc60d5a57c51dbc88f
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/live-chat-facebook-fanpage/"
+ google-query: inurl:"/wp-content/plugins/live-chat-facebook-fanpage/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,live-chat-facebook-fanpage,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/live-chat-facebook-fanpage/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "live-chat-facebook-fanpage"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-bd761b7f968d3d75f6263e718a9b11a4.yaml b/nuclei-templates/2021/CVE-2021-24435-bd761b7f968d3d75f6263e718a9b11a4.yaml
new file mode 100644
index 0000000000..f75f9dd50f
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-bd761b7f968d3d75f6263e718a9b11a4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-bd761b7f968d3d75f6263e718a9b11a4
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/station-pro/"
+ google-query: inurl:"/wp-content/plugins/station-pro/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,station-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/station-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "station-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '2.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24435-f16c52d6b4f0de5b0f9fb44814bb27e6.yaml b/nuclei-templates/2021/CVE-2021-24435-f16c52d6b4f0de5b0f9fb44814bb27e6.yaml
new file mode 100644
index 0000000000..c9121fc122
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24435-f16c52d6b4f0de5b0f9fb44814bb27e6.yaml
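Review bot: The DSL matcher on the last line of this hunk, `compare_versions(version, '2.2.1')`, has no comparison operator, while the sibling CVE-2021-24435 templates all use one (`< 2.1.0`, `<= 3.1.0`, `< 2.4.0`). Without an operator the constraint is presumably treated as an exact match, so only installs reporting `Stable tag: 2.2.1` would be flagged and every earlier release would be missed. If the affected range runs up to that release, the line should read `- compare_versions(version, '<= 2.2.1')`. If a single version really is intended, a comment such as `# only 2.2.1 is affected` above the matcher would stop the next reader from changing it.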
@@ -0,0 +1,59 @@
+id: CVE-2021-24435-f16c52d6b4f0de5b0f9fb44814bb27e6
+
+info:
+ name: >
+ Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2021-24435
+ metadata:
+ fofa-query: "wp-content/plugins/yandex-money-button/"
+ google-query: inurl:"/wp-content/plugins/yandex-money-button/"
+ shodan-query: 'vuln:CVE-2021-24435'
+ tags: cve,wordpress,wp-plugin,yandex-money-button,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yandex-money-button/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yandex-money-button"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24733-31badf9d2838768efd8786215097ca3f.yaml b/nuclei-templates/2021/CVE-2021-24733-31badf9d2838768efd8786215097ca3f.yaml
index e87a1bbeda..6902729616 100644
--- a/nuclei-templates/2021/CVE-2021-24733-31badf9d2838768efd8786215097ca3f.yaml
+++ b/nuclei-templates/2021/CVE-2021-24733-31badf9d2838768efd8786215097ca3f.yaml
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.') \ No newline at end of file + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-24752-4e497db09cf9bf4731122f79f433038b.yaml b/nuclei-templates/2021/CVE-2021-24752-4e497db09cf9bf4731122f79f433038b.yaml new file mode 100644 index 0000000000..4035a7187e --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24752-4e497db09cf9bf4731122f79f433038b.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2021-24752-4e497db09cf9bf4731122f79f433038b
+
+info:
+ name: >
+ CatchThemes Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 5.4
+ cve-id: CVE-2021-24752
+ metadata:
+ fofa-query: "wp-content/plugins/catch-web-tools/"
+ google-query: inurl:"/wp-content/plugins/catch-web-tools/"
+ shodan-query: 'vuln:CVE-2021-24752'
+ tags: cve,wordpress,wp-plugin,catch-web-tools,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/catch-web-tools/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "catch-web-tools"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24752-771caac4a63440e92a232a581d9cab47.yaml b/nuclei-templates/2021/CVE-2021-24752-771caac4a63440e92a232a581d9cab47.yaml
index 118be8d331..180368334b 100644
--- a/nuclei-templates/2021/CVE-2021-24752-771caac4a63440e92a232a581d9cab47.yaml
+++ b/nuclei-templates/2021/CVE-2021-24752-771caac4a63440e92a232a581d9cab47.yaml
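Review bot: `severity: low` and the `low` tag in this new template disagree with its own `cvss-score: 5.4`, which CVSS v3.1 rates Medium (4.0–6.9). The other CVE-2021-24752 templates added in this commit (`catch-ids`, `catch-gallery`) have the same mismatch, and the CVE-2021-39317 templates added further down pair `severity: low` with `cvss-score: 8.8` and a `C:H/I:H/A:H` vector, which is High. Anyone filtering scans or alert routing by severity will silently drop these findings. I would set `severity: medium` here and `severity: high` on the CVE-2021-39317 files, with the matching tag, or add a comment explaining why the label intentionally departs from the score.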
@@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2021-24752 metadata: - fofa-query: "wp-content/plugins/catch-import-export/" - google-query: inurl:"/wp-content/plugins/catch-import-export/" + fofa-query: "wp-content/plugins/essential-content-types/" + google-query: inurl:"/wp-content/plugins/essential-content-types/" shodan-query: 'vuln:CVE-2021-24752' - tags: cve,wordpress,wp-plugin,catch-import-export,low + tags: cve,wordpress,wp-plugin,essential-content-types,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/catch-import-export/readme.txt" + - "{{BaseURL}}/wp-content/plugins/essential-content-types/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "catch-import-export" + - "essential-content-types" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24752-95bb72c249735ef6c46636b5749bec78.yaml b/nuclei-templates/2021/CVE-2021-24752-95bb72c249735ef6c46636b5749bec78.yaml new file mode 100644 index 0000000000..0d0d630342 --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-24752-95bb72c249735ef6c46636b5749bec78.yaml 
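Review bot: Retargeting this template in place changes what it detects, from `catch-import-export` to `essential-content-types`, while the file name (and presumably the `id`, which is above the first hunk) stays the same, so results keyed on the template id change meaning and nothing in these hunks shows that the old slug is still covered by another file. The `compare_versions` line lies below the second hunk and is untouched, so the version bound is inherited from the old plugin; that is only correct if both plugins share the same fixed version. The same pattern recurs in the later in-place slug changes (`to-top`, `catch-scroll-progress-bar`, `wordpress-file-upload-pro`, `advanced-cron-manager-pro`, `easy-facebook-likebox-premium`), where a free slug is swapped for a different or premium one. I would add the new slug as a separate template file, or at least put a comment above the DSL matcher such as `# fixed version confirmed for essential-content-types`.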
@@ -0,0 +1,59 @@
+id: CVE-2021-24752-95bb72c249735ef6c46636b5749bec78
+
+info:
+ name: >
+ CatchThemes Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 5.4
+ cve-id: CVE-2021-24752
+ metadata:
+ fofa-query: "wp-content/plugins/catch-ids/"
+ google-query: inurl:"/wp-content/plugins/catch-ids/"
+ shodan-query: 'vuln:CVE-2021-24752'
+ tags: cve,wordpress,wp-plugin,catch-ids,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/catch-ids/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "catch-ids"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24752-a4dba750a11a0ced03eedc105c5cc495.yaml b/nuclei-templates/2021/CVE-2021-24752-a4dba750a11a0ced03eedc105c5cc495.yaml
new file mode 100644
index 0000000000..f263a632dd
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-24752-a4dba750a11a0ced03eedc105c5cc495.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-24752-a4dba750a11a0ced03eedc105c5cc495
+
+info:
+ name: >
+ CatchThemes Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 5.4
+ cve-id: CVE-2021-24752
+ metadata:
+ fofa-query: "wp-content/plugins/catch-gallery/"
+ google-query: inurl:"/wp-content/plugins/catch-gallery/"
+ shodan-query: 'vuln:CVE-2021-24752'
+ tags: cve,wordpress,wp-plugin,catch-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/catch-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "catch-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-24752-b01a1cff0fbb39d7632c86bbae5825b2.yaml b/nuclei-templates/2021/CVE-2021-24752-b01a1cff0fbb39d7632c86bbae5825b2.yaml
index 90b8600174..e5d23f9492 100644
--- a/nuclei-templates/2021/CVE-2021-24752-b01a1cff0fbb39d7632c86bbae5825b2.yaml
+++ b/nuclei-templates/2021/CVE-2021-24752-b01a1cff0fbb39d7632c86bbae5825b2.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2021-24752 metadata: - fofa-query: "wp-content/plugins/catch-instagram-feed-gallery-widget/" - google-query: inurl:"/wp-content/plugins/catch-instagram-feed-gallery-widget/" + fofa-query: "wp-content/plugins/to-top/" + google-query: inurl:"/wp-content/plugins/to-top/" shodan-query: 'vuln:CVE-2021-24752' - tags: cve,wordpress,wp-plugin,catch-instagram-feed-gallery-widget,low + tags: cve,wordpress,wp-plugin,to-top,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/catch-instagram-feed-gallery-widget/readme.txt" + - "{{BaseURL}}/wp-content/plugins/to-top/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "catch-instagram-feed-gallery-widget" + - "to-top" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24752-f5b787bc2fd07b88ca415a008905a5fd.yaml b/nuclei-templates/2021/CVE-2021-24752-f5b787bc2fd07b88ca415a008905a5fd.yaml index 95a41d84ce..76316cee5f 100644 --- a/nuclei-templates/2021/CVE-2021-24752-f5b787bc2fd07b88ca415a008905a5fd.yaml +++ b/nuclei-templates/2021/CVE-2021-24752-f5b787bc2fd07b88ca415a008905a5fd.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2021-24752 metadata: - fofa-query: "wp-content/plugins/generate-child-theme/" - google-query: inurl:"/wp-content/plugins/generate-child-theme/" + fofa-query: "wp-content/plugins/catch-scroll-progress-bar/" + google-query: inurl:"/wp-content/plugins/catch-scroll-progress-bar/" shodan-query: 'vuln:CVE-2021-24752' - tags: cve,wordpress,wp-plugin,generate-child-theme,low + tags: cve,wordpress,wp-plugin,catch-scroll-progress-bar,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/generate-child-theme/readme.txt" + - "{{BaseURL}}/wp-content/plugins/catch-scroll-progress-bar/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "generate-child-theme" + - "catch-scroll-progress-bar" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24759-d86ee5ae4f26caf1f8b4cfd0f9d8f584.yaml b/nuclei-templates/2021/CVE-2021-24759-d86ee5ae4f26caf1f8b4cfd0f9d8f584.yaml index b082e89e2e..c7c3afc84e 100644 --- a/nuclei-templates/2021/CVE-2021-24759-d86ee5ae4f26caf1f8b4cfd0f9d8f584.yaml +++ b/nuclei-templates/2021/CVE-2021-24759-d86ee5ae4f26caf1f8b4cfd0f9d8f584.yaml @@ -2,9 +2,9 @@ id: CVE-2021-24759-d86ee5ae4f26caf1f8b4cfd0f9d8f584 info: name: > - PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting + PDF.js Viewer <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder - severity: medium + severity: low description: > The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks reference: @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/pdfjs-viewer-shortcode/" google-query: inurl:"/wp-content/plugins/pdfjs-viewer-shortcode/" shodan-query: 'vuln:CVE-2021-24759' - tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,medium + tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,low http: - method: GET diff --git a/nuclei-templates/2021/CVE-2021-24916-2dbffb5f1549f9ead592bb0109626154.yaml b/nuclei-templates/2021/CVE-2021-24916-2dbffb5f1549f9ead592bb0109626154.yaml index 660d03adfe..945b954f6d 100644 --- a/nuclei-templates/2021/CVE-2021-24916-2dbffb5f1549f9ead592bb0109626154.yaml +++ b/nuclei-templates/2021/CVE-2021-24916-2dbffb5f1549f9ead592bb0109626154.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2021-24916 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2021-24916-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2021-24916-1/" + fofa-query: "wp-content/plugins/qubely/" + google-query: inurl:"/wp-content/plugins/qubely/" shodan-query: 'vuln:CVE-2021-24916' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2021-24916-1,medium + tags: cve,wordpress,wp-plugin,qubely,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2021-24916-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/qubely/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2021-24916-1" + - "qubely" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-24962-7996d122658e6c739881deaf61d48c0b.yaml b/nuclei-templates/2021/CVE-2021-24962-7996d122658e6c739881deaf61d48c0b.yaml index e653a4643a..7d6e101cb0 100644 --- a/nuclei-templates/2021/CVE-2021-24962-7996d122658e6c739881deaf61d48c0b.yaml +++ b/nuclei-templates/2021/CVE-2021-24962-7996d122658e6c739881deaf61d48c0b.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2021-24962 metadata: - fofa-query: "wp-content/plugins/wp-file-upload/" - google-query: inurl:"/wp-content/plugins/wp-file-upload/" + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" shodan-query: 'vuln:CVE-2021-24962' - tags: cve,wordpress,wp-plugin,wp-file-upload,low + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-file-upload" + - "wordpress-file-upload-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2021/CVE-2021-25084-350201e0914eb5ea016cac0048b643d4.yaml b/nuclei-templates/2021/CVE-2021-25084-350201e0914eb5ea016cac0048b643d4.yaml index 3a28fb83a5..e4964f9838 100644 --- a/nuclei-templates/2021/CVE-2021-25084-350201e0914eb5ea016cac0048b643d4.yaml +++ b/nuclei-templates/2021/CVE-2021-25084-350201e0914eb5ea016cac0048b643d4.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2021-25084 metadata: - fofa-query: "wp-content/plugins/advanced-cron-manager/" - google-query: inurl:"/wp-content/plugins/advanced-cron-manager/" + fofa-query: "wp-content/plugins/advanced-cron-manager-pro/" + google-query: inurl:"/wp-content/plugins/advanced-cron-manager-pro/" shodan-query: 'vuln:CVE-2021-25084' - tags: cve,wordpress,wp-plugin,advanced-cron-manager,low + tags: cve,wordpress,wp-plugin,advanced-cron-manager-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-cron-manager" + - "advanced-cron-manager-pro" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-25120-741620318602be588fe47e36ac60a05f.yaml b/nuclei-templates/2021/CVE-2021-25120-741620318602be588fe47e36ac60a05f.yaml index 2e9234d3b6..cd9ee07bf4 100644 --- a/nuclei-templates/2021/CVE-2021-25120-741620318602be588fe47e36ac60a05f.yaml +++ b/nuclei-templates/2021/CVE-2021-25120-741620318602be588fe47e36ac60a05f.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25120 metadata: - fofa-query: "wp-content/plugins/easy-facebook-likebox/" - google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + fofa-query: "wp-content/plugins/easy-facebook-likebox-premium/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox-premium/" shodan-query: 'vuln:CVE-2021-25120' - tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + tags: cve,wordpress,wp-plugin,easy-facebook-likebox-premium,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox-premium/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "easy-facebook-likebox" + - "easy-facebook-likebox-premium" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-39317-015841e4d77d293e04bf9d59557f8c12.yaml b/nuclei-templates/2021/CVE-2021-39317-015841e4d77d293e04bf9d59557f8c12.yaml new file mode 100644 index 0000000000..12cebf09a5 --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-015841e4d77d293e04bf9d59557f8c12.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-015841e4d77d293e04bf9d59557f8c12
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/sakala/"
+ google-query: inurl:"/wp-content/themes/sakala/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,sakala,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/sakala/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sakala"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-04cf5df2c323590eca815f255845d3ab.yaml b/nuclei-templates/2021/CVE-2021-39317-04cf5df2c323590eca815f255845d3ab.yaml
new file mode 100644
index 0000000000..393005790e
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-04cf5df2c323590eca815f255845d3ab.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-04cf5df2c323590eca815f255845d3ab
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/zigcy-lite/"
+ google-query: inurl:"/wp-content/themes/zigcy-lite/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,zigcy-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/zigcy-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zigcy-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-34a35e66abd8bc39d1312647d4d6c270.yaml b/nuclei-templates/2021/CVE-2021-39317-34a35e66abd8bc39d1312647d4d6c270.yaml
new file mode 100644
index 0000000000..62095a0634
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-34a35e66abd8bc39d1312647d4d6c270.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-34a35e66abd8bc39d1312647d4d6c270
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/punte/"
+ google-query: inurl:"/wp-content/themes/punte/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,punte,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/punte/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "punte"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-41ac7cc2e1e103ba7ba2f10d304b252a.yaml b/nuclei-templates/2021/CVE-2021-39317-41ac7cc2e1e103ba7ba2f10d304b252a.yaml
new file mode 100644
index 0000000000..6342791e80
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-41ac7cc2e1e103ba7ba2f10d304b252a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-41ac7cc2e1e103ba7ba2f10d304b252a
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/storevilla/"
+ google-query: inurl:"/wp-content/themes/storevilla/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,storevilla,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/storevilla/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "storevilla"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-427d2b633dc584575aef82bf5609c4b8.yaml b/nuclei-templates/2021/CVE-2021-39317-427d2b633dc584575aef82bf5609c4b8.yaml
new file mode 100644
index 0000000000..15433be602
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-427d2b633dc584575aef82bf5609c4b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-427d2b633dc584575aef82bf5609c4b8
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/zigcy-baby/"
+ google-query: inurl:"/wp-content/themes/zigcy-baby/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,zigcy-baby,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/zigcy-baby/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zigcy-baby"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-4bd1a9308cd263812f77a60c9ec84aa8.yaml b/nuclei-templates/2021/CVE-2021-39317-4bd1a9308cd263812f77a60c9ec84aa8.yaml
new file mode 100644
index 0000000000..ad68da953b
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-4bd1a9308cd263812f77a60c9ec84aa8.yaml
@@ -0,0 +1,59 @@ +id: CVE-2021-39317-4bd1a9308cd263812f77a60c9ec84aa8 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/accesspress-parallax-new/" + google-query: inurl:"/wp-content/themes/accesspress-parallax-new/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,accesspress-parallax-new,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-parallax-new/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-parallax-new" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-54a7a760e2a341477c533aa0f3aa298a.yaml b/nuclei-templates/2021/CVE-2021-39317-54a7a760e2a341477c533aa0f3aa298a.yaml new file mode 100644 index 0000000000..e366fe6f02 --- /dev/null 
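Review bot: The version regex `(?mi)Version: ([0-9.]+)` sets the multiline flag but contains no `^`, so both extractors take the first `Version:` found anywhere in the body rather than the theme header line. If a stylesheet carries another component's banner ahead of the header, `compare_versions(version, '<= 4.5')` would run against the wrong number; that is probably rare, but anchoring rules it out. I would write both patterns as `- '(?mi)^[\s*]*Version:\s*([0-9.]+)'`, single-quoted so the backslashes stay literal in YAML. The same pattern is used in the other templates added here.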
+++ b/nuclei-templates/2021/CVE-2021-39317-54a7a760e2a341477c533aa0f3aa298a.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-54a7a760e2a341477c533aa0f3aa298a + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/the-launcher/" + google-query: inurl:"/wp-content/themes/the-launcher/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,the-launcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-launcher/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-launcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-584828fac614f7fd78f7514a46924bf0.yaml b/nuclei-templates/2021/CVE-2021-39317-584828fac614f7fd78f7514a46924bf0.yaml new file mode 100644 index 0000000000..0ebfac015e --- /dev/null 
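Review bot: The template does not say that it is a version fingerprint only: its single request reads `style.css`, and the verdict rests on `compare_versions(version, '<= 1.3.2')` plus the `the-launcher` word match. Nothing in it touches the `plugin_offline_installer` action named in the description, so a hit means "version in the affected range", not a confirmed missing capability check. A comment above `http:` such as `# Version fingerprint from style.css only; a match needs manual confirmation` would make that clear to whoever triages the result. The other CVE-2021-39317 templates in this diff would benefit from the same line.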
+++ b/nuclei-templates/2021/CVE-2021-39317-584828fac614f7fd78f7514a46924bf0.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-584828fac614f7fd78f7514a46924bf0 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/accesspress-basic/" + google-query: inurl:"/wp-content/themes/accesspress-basic/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,accesspress-basic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-basic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-5ba05c89485cd9b9c7d76c3f26ec185a.yaml b/nuclei-templates/2021/CVE-2021-39317-5ba05c89485cd9b9c7d76c3f26ec185a.yaml new file mode 100644 index 0000000000..bc32fd4913 
--- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-5ba05c89485cd9b9c7d76c3f26ec185a.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-5ba05c89485cd9b9c7d76c3f26ec185a + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/vmagazine-news/" + google-query: inurl:"/wp-content/themes/vmagazine-news/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,vmagazine-news,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmagazine-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmagazine-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-746f99bd736922e3ebcb41daf525db98.yaml b/nuclei-templates/2021/CVE-2021-39317-746f99bd736922e3ebcb41daf525db98.yaml new file mode 100644 index 0000000000..a8cba07978 
--- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-746f99bd736922e3ebcb41daf525db98.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-746f99bd736922e3ebcb41daf525db98 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/wp-store/" + google-query: inurl:"/wp-content/themes/wp-store/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,wp-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wp-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-8435ef7f0489e0a3035ec221dd7084a6.yaml b/nuclei-templates/2021/CVE-2021-39317-8435ef7f0489e0a3035ec221dd7084a6.yaml new file mode 100644 index 0000000000..ebd6fb50ec --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-8435ef7f0489e0a3035ec221dd7084a6.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-8435ef7f0489e0a3035ec221dd7084a6 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/accesspress-store/" + google-query: inurl:"/wp-content/themes/accesspress-store/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,accesspress-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-99caec32cfb12d3b026c24ffeab7f312.yaml b/nuclei-templates/2021/CVE-2021-39317-99caec32cfb12d3b026c24ffeab7f312.yaml new file mode 100644 index 0000000000..6548a81eab 
--- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-99caec32cfb12d3b026c24ffeab7f312.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-99caec32cfb12d3b026c24ffeab7f312 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/parallaxsome/" + google-query: inurl:"/wp-content/themes/parallaxsome/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,parallaxsome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/parallaxsome/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallaxsome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-a08d0ebb17a9631430173b8c2be087ba.yaml b/nuclei-templates/2021/CVE-2021-39317-a08d0ebb17a9631430173b8c2be087ba.yaml new file mode 100644 index 0000000000..cd0bdabd1b --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-a08d0ebb17a9631430173b8c2be087ba.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-a08d0ebb17a9631430173b8c2be087ba + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/opstore/" + google-query: inurl:"/wp-content/themes/opstore/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,opstore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/opstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-a1196ea0b8ef228cf627420f2ac8985e.yaml b/nuclei-templates/2021/CVE-2021-39317-a1196ea0b8ef228cf627420f2ac8985e.yaml new file mode 100644 index 0000000000..22f6bd6881 --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-a1196ea0b8ef228cf627420f2ac8985e.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-a1196ea0b8ef228cf627420f2ac8985e + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/accesspress-root/" + google-query: inurl:"/wp-content/themes/accesspress-root/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,accesspress-root,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-root/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-root" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-b0b6612c74e701e6feeb42e597fce5df.yaml b/nuclei-templates/2021/CVE-2021-39317-b0b6612c74e701e6feeb42e597fce5df.yaml new file mode 100644 index 0000000000..d2a03dbdab --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-b0b6612c74e701e6feeb42e597fce5df.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-b0b6612c74e701e6feeb42e597fce5df + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/fotography/" + google-query: inurl:"/wp-content/themes/fotography/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,fotography,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fotography/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-b62aa17690bdd2ae2d98f93a61a9772f.yaml b/nuclei-templates/2021/CVE-2021-39317-b62aa17690bdd2ae2d98f93a61a9772f.yaml new file mode 100644 index 0000000000..52527db210 --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-b62aa17690bdd2ae2d98f93a61a9772f.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-b62aa17690bdd2ae2d98f93a61a9772f + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/bloger/" + google-query: inurl:"/wp-content/themes/bloger/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,bloger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bloger/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bloger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-d43e569bca6648bc7f918520ddfac66e.yaml b/nuclei-templates/2021/CVE-2021-39317-d43e569bca6648bc7f918520ddfac66e.yaml new file mode 100644 index 0000000000..03b7bed889 --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-d43e569bca6648bc7f918520ddfac66e.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-d43e569bca6648bc7f918520ddfac66e + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/accesspress-lite/" + google-query: inurl:"/wp-content/themes/accesspress-lite/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,accesspress-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.92') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-d5e8d42ca99aa23911dde00b960b6692.yaml b/nuclei-templates/2021/CVE-2021-39317-d5e8d42ca99aa23911dde00b960b6692.yaml new file mode 100644 index 0000000000..03a83b3163 --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-d5e8d42ca99aa23911dde00b960b6692.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-d5e8d42ca99aa23911dde00b960b6692 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/eightlaw-lite/" + google-query: inurl:"/wp-content/themes/eightlaw-lite/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,eightlaw-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightlaw-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightlaw-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-d91d8c5e1763279dba7b480b22176ff9.yaml b/nuclei-templates/2021/CVE-2021-39317-d91d8c5e1763279dba7b480b22176ff9.yaml new file mode 100644 index 0000000000..6af0e93b28 --- /dev/null 
+++ b/nuclei-templates/2021/CVE-2021-39317-d91d8c5e1763279dba7b480b22176ff9.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-d91d8c5e1763279dba7b480b22176ff9 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/construction-lite/" + google-query: inurl:"/wp-content/themes/construction-lite/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,construction-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/construction-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "construction-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-d95f5d87dc119bc23b86951b2e20d227.yaml b/nuclei-templates/2021/CVE-2021-39317-d95f5d87dc119bc23b86951b2e20d227.yaml new file mode 100644 index 0000000000..f6bf9bd14e 
--- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-d95f5d87dc119bc23b86951b2e20d227.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-d95f5d87dc119bc23b86951b2e20d227 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/eightmedi-lite/" + google-query: inurl:"/wp-content/themes/eightmedi-lite/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,eightmedi-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightmedi-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightmedi-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-dc6ffd6e7a0a134ce93deebce149af86.yaml b/nuclei-templates/2021/CVE-2021-39317-dc6ffd6e7a0a134ce93deebce149af86.yaml new file mode 100644 index 0000000000..04c7fbbde5 
--- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-dc6ffd6e7a0a134ce93deebce149af86.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-39317-dc6ffd6e7a0a134ce93deebce149af86 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-39317 + metadata: + fofa-query: "wp-content/themes/enlighten/" + google-query: inurl:"/wp-content/themes/enlighten/" + shodan-query: 'vuln:CVE-2021-39317' + tags: cve,wordpress,wp-theme,enlighten,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enlighten/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enlighten" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-e3f849a24de82c7d8434b8a943f83086.yaml b/nuclei-templates/2021/CVE-2021-39317-e3f849a24de82c7d8434b8a943f83086.yaml index 8dd47c46e8..7fc358b7f5 100644 
--- a/nuclei-templates/2021/CVE-2021-39317-e3f849a24de82c7d8434b8a943f83086.yaml +++ b/nuclei-templates/2021/CVE-2021-39317-e3f849a24de82c7d8434b8a943f83086.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2021-39317 metadata: - fofa-query: "wp-content/themes/the-monday/" - google-query: inurl:"/wp-content/themes/the-monday/" + fofa-query: "wp-content/themes/edict-lite/" + google-query: inurl:"/wp-content/themes/edict-lite/" shodan-query: 'vuln:CVE-2021-39317' - tags: cve,wordpress,wp-theme,the-monday,low + tags: cve,wordpress,wp-theme,edict-lite,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/the-monday/style.css" + - "{{BaseURL}}/wp-content/themes/edict-lite/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "the-monday" + - "edict-lite" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.4.1') \ No newline at end of file + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/2021/CVE-2021-39317-e8a9839ab510665c8bd5d0589cc49d76.yaml b/nuclei-templates/2021/CVE-2021-39317-e8a9839ab510665c8bd5d0589cc49d76.yaml new file mode 100644 index 0000000000..222e2d48eb --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-39317-e8a9839ab510665c8bd5d0589cc49d76.yaml 
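Review bot: The template keeps the id `CVE-2021-39317-e3f849a24de82c7d8434b8a943f83086` while the theme it fingerprints changes from `the-monday` to `edict-lite` and the bound from `<= 1.4.1` to `<= 1.1.4`. Findings already stored under that id would now point at a different product, and whether `the-monday` is still covered depends on another file that these hunks do not show. If the id is assigned by the generator independently of the slug this may be intended, and a line in the commit message saying so would help. Both hunks of this file begin inside the `info` and `http` blocks, whose opening lines are outside the hunks.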
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-e8a9839ab510665c8bd5d0589cc49d76
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/accesspress-mag/"
+ google-query: inurl:"/wp-content/themes/accesspress-mag/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,accesspress-mag,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/accesspress-mag/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accesspress-mag"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.5')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-ea6439111ef4cc7f39b2b9c2cac8764a.yaml b/nuclei-templates/2021/CVE-2021-39317-ea6439111ef4cc7f39b2b9c2cac8764a.yaml
new file mode 100644
index 0000000000..0ebcbe0179
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-ea6439111ef4cc7f39b2b9c2cac8764a.yaml
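Review bot: The `name` does not say which product this file checks: it reads `AccessPress Themes and Plugin <= Various Versions` while the request path, the word matcher and the bound are all specific to `accesspress-mag` and `<= 2.6.5`. Every sibling template for this CVE reports under the same title, so a result list cannot be triaged without opening each file or decoding the hash in the id. I would put the slug and bound into the name, for example `AccessPress Mag (accesspress-mag) <= 2.6.5 - Authenticated (Subscriber+) Arbitrary File Upload`; the display name there is my guess from the slug and should be checked against the advisory.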
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-ea6439111ef4cc7f39b2b9c2cac8764a
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/arrival/"
+ google-query: inurl:"/wp-content/themes/arrival/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,arrival,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/arrival/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arrival"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-f344d2bc4d1bf417049d4760419dc10e.yaml b/nuclei-templates/2021/CVE-2021-39317-f344d2bc4d1bf417049d4760419dc10e.yaml
new file mode 100644
index 0000000000..a2031dbd51
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-f344d2bc4d1bf417049d4760419dc10e.yaml
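Review bot: The two `version` extractors are identical apart from `internal: true`, and nothing in the file says why both are needed. If the first exists to feed `compare_versions` and the second only to print the detected version in the result, which is how I read it, a comment above each would stop a later cleanup from deleting one as a duplicate and silently breaking the dsl matcher. I would add `# internal: value consumed by the dsl matcher below` above the first and `# reported: version shown in scan output` above the second.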
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-f344d2bc4d1bf417049d4760419dc10e
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/vmag/"
+ google-query: inurl:"/wp-content/themes/vmag/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,vmag,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/vmag/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vmag"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-39317-f930fb01cc98a27a650c03630a386f5a.yaml b/nuclei-templates/2021/CVE-2021-39317-f930fb01cc98a27a650c03630a386f5a.yaml
new file mode 100644
index 0000000000..1311a01cb4
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-39317-f930fb01cc98a27a650c03630a386f5a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-39317-f930fb01cc98a27a650c03630a386f5a
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the /demo-functions.php file or /welcome.php file of the affected products.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-39317
+ metadata:
+ fofa-query: "wp-content/themes/digital-agency-lite/"
+ google-query: inurl:"/wp-content/themes/digital-agency-lite/"
+ shodan-query: 'vuln:CVE-2021-39317'
+ tags: cve,wordpress,wp-theme,digital-agency-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/digital-agency-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "digital-agency-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4337-108f6c1d65d999f8048c9c563ded7a0c.yaml b/nuclei-templates/2021/CVE-2021-4337-108f6c1d65d999f8048c9c563ded7a0c.yaml
index 663d95e641..9e0ac030e8 100644
--- a/nuclei-templates/2021/CVE-2021-4337-108f6c1d65d999f8048c9c563ded7a0c.yaml
+++ b/nuclei-templates/2021/CVE-2021-4337-108f6c1d65d999f8048c9c563ded7a0c.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2021-4337 metadata: - fofa-query: "wp-content/plugins/woocommerce-warranties-and-returns/" - google-query: inurl:"/wp-content/plugins/woocommerce-warranties-and-returns/" + fofa-query: "wp-content/plugins/improved-variable-product-attributes/" + google-query: inurl:"/wp-content/plugins/improved-variable-product-attributes/" shodan-query: 'vuln:CVE-2021-4337' - tags: cve,wordpress,wp-plugin,woocommerce-warranties-and-returns,low + tags: cve,wordpress,wp-plugin,improved-variable-product-attributes,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/woocommerce-warranties-and-returns/readme.txt" + - "{{BaseURL}}/wp-content/plugins/improved-variable-product-attributes/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "woocommerce-warranties-and-returns" + - "improved-variable-product-attributes" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-4337-6b2d17b7f22ee41d30a37ef2062e0f78.yaml b/nuclei-templates/2021/CVE-2021-4337-6b2d17b7f22ee41d30a37ef2062e0f78.yaml new file mode 100644 index 0000000000..7655406cf2 --- /dev/null +++ b/nuclei-templates/2021/CVE-2021-4337-6b2d17b7f22ee41d30a37ef2062e0f78.yaml 
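Review bot: The version bound is left as it was for the old plugin: `compare_versions` sits below the second hunk and is not touched, while both hunks repoint the template from `woocommerce-warranties-and-returns` to `improved-variable-product-attributes`. Please confirm that bound against the advisory entry for the new slug, because a bound carried over from a different product yields false positives or silent false negatives. The same applies to the slug changes in the CVE-2021-4337 files for `floating-cart-xforwc` and `product-loops`, and in CVE-2021-4418 (`custom-css-js-php`), CVE-2022-0316 (`footysquare`), CVE-2022-0412 (`ti-woocommerce-wishlist-premium`) and CVE-2022-0901 (`ad-inserter-pro`), none of which show the dsl line in their hunks.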
@@ -0,0 +1,59 @@
+id: CVE-2021-4337-6b2d17b7f22ee41d30a37ef2062e0f78
+
+info:
+ name: >
+ Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-4337
+ metadata:
+ fofa-query: "wp-content/plugins/seo-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/seo-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2021-4337'
+ tags: cve,wordpress,wp-plugin,seo-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/seo-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "seo-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4337-a7f7efd9d1d2e430c2caa118543147d4.yaml b/nuclei-templates/2021/CVE-2021-4337-a7f7efd9d1d2e430c2caa118543147d4.yaml
index 23fc97d06f..40c81853af 100644
--- a/nuclei-templates/2021/CVE-2021-4337-a7f7efd9d1d2e430c2caa118543147d4.yaml
+++ b/nuclei-templates/2021/CVE-2021-4337-a7f7efd9d1d2e430c2caa118543147d4.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2021-4337 metadata: - fofa-query: "wp-content/plugins/price-commander-xforwc/" - google-query: inurl:"/wp-content/plugins/price-commander-xforwc/" + fofa-query: "wp-content/plugins/floating-cart-xforwc/" + google-query: inurl:"/wp-content/plugins/floating-cart-xforwc/" shodan-query: 'vuln:CVE-2021-4337' - tags: cve,wordpress,wp-plugin,price-commander-xforwc,low + tags: cve,wordpress,wp-plugin,floating-cart-xforwc,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/price-commander-xforwc/readme.txt" + - "{{BaseURL}}/wp-content/plugins/floating-cart-xforwc/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "price-commander-xforwc" + - "floating-cart-xforwc" part: body - type: dsl diff --git a/nuclei-templates/2021/CVE-2021-4337-bc5176fc4ba83f30f7296f9bbb7977f1.yaml b/nuclei-templates/2021/CVE-2021-4337-bc5176fc4ba83f30f7296f9bbb7977f1.yaml index b716cb792b..273c8f7502 100644 --- a/nuclei-templates/2021/CVE-2021-4337-bc5176fc4ba83f30f7296f9bbb7977f1.yaml +++ b/nuclei-templates/2021/CVE-2021-4337-bc5176fc4ba83f30f7296f9bbb7977f1.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2021-4337 metadata: - fofa-query: "wp-content/plugins/xforwoocommerce/" - google-query: inurl:"/wp-content/plugins/xforwoocommerce/" + fofa-query: "wp-content/plugins/product-loops/" + google-query: inurl:"/wp-content/plugins/product-loops/" shodan-query: 'vuln:CVE-2021-4337' - tags: cve,wordpress,wp-plugin,xforwoocommerce,low + tags: cve,wordpress,wp-plugin,product-loops,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/xforwoocommerce/readme.txt" + - "{{BaseURL}}/wp-content/plugins/product-loops/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "xforwoocommerce" + - "product-loops" part: body - type: dsl 
diff --git a/nuclei-templates/2021/CVE-2021-4337-d235d8227efac35cc3f7623e7dad3116.yaml b/nuclei-templates/2021/CVE-2021-4337-d235d8227efac35cc3f7623e7dad3116.yaml
new file mode 100644
index 0000000000..2ea3f967b8
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-4337-d235d8227efac35cc3f7623e7dad3116.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-4337-d235d8227efac35cc3f7623e7dad3116
+
+info:
+ name: >
+ Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-4337
+ metadata:
+ fofa-query: "wp-content/plugins/share-print-pdf-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/share-print-pdf-woocommerce/"
+ shodan-query: 'vuln:CVE-2021-4337'
+ tags: cve,wordpress,wp-plugin,share-print-pdf-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/share-print-pdf-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "share-print-pdf-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.8.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4337-daeebb550dd474122e0ecc9f07aa0c84.yaml b/nuclei-templates/2021/CVE-2021-4337-daeebb550dd474122e0ecc9f07aa0c84.yaml
new file mode 100644
index 0000000000..aba33ee6c8
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-4337-daeebb550dd474122e0ecc9f07aa0c84.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-4337-daeebb550dd474122e0ecc9f07aa0c84
+
+info:
+ name: >
+ Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-4337
+ metadata:
+ fofa-query: "wp-content/plugins/package-quantity-xforwc/"
+ google-query: inurl:"/wp-content/plugins/package-quantity-xforwc/"
+ shodan-query: 'vuln:CVE-2021-4337'
+ tags: cve,wordpress,wp-plugin,package-quantity-xforwc,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/package-quantity-xforwc/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "package-quantity-xforwc"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4337-eaa4b6bb64d4f0250973ef528cbbc242.yaml b/nuclei-templates/2021/CVE-2021-4337-eaa4b6bb64d4f0250973ef528cbbc242.yaml
new file mode 100644
index 0000000000..e47eee6a8f
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-4337-eaa4b6bb64d4f0250973ef528cbbc242.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-4337-eaa4b6bb64d4f0250973ef528cbbc242
+
+info:
+ name: >
+ Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-4337
+ metadata:
+ fofa-query: "wp-content/plugins/add-tabs-xforwc/"
+ google-query: inurl:"/wp-content/plugins/add-tabs-xforwc/"
+ shodan-query: 'vuln:CVE-2021-4337'
+ tags: cve,wordpress,wp-plugin,add-tabs-xforwc,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/add-tabs-xforwc/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "add-tabs-xforwc"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4337-f4bf53b9828200804a555f55b92cbb80.yaml b/nuclei-templates/2021/CVE-2021-4337-f4bf53b9828200804a555f55b92cbb80.yaml
new file mode 100644
index 0000000000..ab7d56cb7e
--- /dev/null
+++ b/nuclei-templates/2021/CVE-2021-4337-f4bf53b9828200804a555f55b92cbb80.yaml
@@ -0,0 +1,59 @@
+id: CVE-2021-4337-f4bf53b9828200804a555f55b92cbb80
+
+info:
+ name: >
+ Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings, plugin settings, and to arbitrarily list all users on a WordPress website. The plugins impacted are: Product Filter for WooCommerce < 8.2.0, Improved Product Options for WooCommerce < 5.3.0, Improved Sale Badges for WooCommerce < 4.4.0, Share, Print and PDF Products for WooCommerce < 2.8.0, Product Loops for WooCommerce < 1.7.0, XforWooCommerce < 1.7.0, Package Quantity Discount < 1.2.0, Price Commander for WooCommerce < 1.3.0, Comment and Review Spam Control for WooCommerce < 1.5.0, Add Product Tabs for WooCommerce < 1.5.0, Autopilot SEO for WooCommerce < 1.6.0, Floating Cart < 1.3.0, Live Search for WooCommerce < 2.1.0, Bulk Add to Cart for WooCommerce < 1.3.0, Live Product Editor for WooCommerce < 4.7.0, and Warranties and Returns for WooCommerce < 5.3.0.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2021-4337
+ metadata:
+ fofa-query: "wp-content/plugins/live-search-xforwc/"
+ google-query: inurl:"/wp-content/plugins/live-search-xforwc/"
+ shodan-query: 'vuln:CVE-2021-4337'
+ tags: cve,wordpress,wp-plugin,live-search-xforwc,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/live-search-xforwc/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "live-search-xforwc"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2021/CVE-2021-4418-0581c731f4d82dcd1086d8453f3cc35a.yaml b/nuclei-templates/2021/CVE-2021-4418-0581c731f4d82dcd1086d8453f3cc35a.yaml
index eae67249a1..495962983b 100644
--- a/nuclei-templates/2021/CVE-2021-4418-0581c731f4d82dcd1086d8453f3cc35a.yaml
+++ b/nuclei-templates/2021/CVE-2021-4418-0581c731f4d82dcd1086d8453f3cc35a.yaml
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2021-4418 metadata: - fofa-query: "wp-content/plugins/custom-css/" - google-query: inurl:"/wp-content/plugins/custom-css/" + fofa-query: "wp-content/plugins/custom-css-js-php/" + google-query: inurl:"/wp-content/plugins/custom-css-js-php/" shodan-query: 'vuln:CVE-2021-4418' - tags: cve,wordpress,wp-plugin,custom-css,medium + tags: cve,wordpress,wp-plugin,custom-css-js-php,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/custom-css/readme.txt" + - "{{BaseURL}}/wp-content/plugins/custom-css-js-php/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "custom-css" + - "custom-css-js-php" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-0316-6879bb49bdcefc32af28f53fa3c2a944.yaml b/nuclei-templates/2022/CVE-2022-0316-6879bb49bdcefc32af28f53fa3c2a944.yaml index 408d88c700..466544fae8 100644 --- a/nuclei-templates/2022/CVE-2022-0316-6879bb49bdcefc32af28f53fa3c2a944.yaml +++ b/nuclei-templates/2022/CVE-2022-0316-6879bb49bdcefc32af28f53fa3c2a944.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0316 metadata: - fofa-query: "wp-content/themes/aidreform/" - google-query: inurl:"/wp-content/themes/aidreform/" + fofa-query: "wp-content/themes/footysquare/" + google-query: inurl:"/wp-content/themes/footysquare/" shodan-query: 'vuln:CVE-2022-0316' - tags: cve,wordpress,wp-theme,aidreform,critical + tags: cve,wordpress,wp-theme,footysquare,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/aidreform/style.css" + - "{{BaseURL}}/wp-content/themes/footysquare/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "aidreform" + - "footysquare" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-0316-bdf7d8d3879b3df55692e9f6d801e458.yaml b/nuclei-templates/2022/CVE-2022-0316-bdf7d8d3879b3df55692e9f6d801e458.yaml
new file mode 100644
index 0000000000..15300b2d01
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-0316-bdf7d8d3879b3df55692e9f6d801e458.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-0316-bdf7d8d3879b3df55692e9f6d801e458
+
+info:
+ name: >
+ Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+ Several themes from Chimpstudio and Pixfill are vulnerable to arbitrary file uploads due to missing file type validation and authorization in various versions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-0316
+ metadata:
+ fofa-query: "wp-content/themes/westand/"
+ google-query: inurl:"/wp-content/themes/westand/"
+ shodan-query: 'vuln:CVE-2022-0316'
+ tags: cve,wordpress,wp-theme,westand,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/westand/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "westand"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-0412-1bae2e5620980bd30c776236c425afef.yaml b/nuclei-templates/2022/CVE-2022-0412-1bae2e5620980bd30c776236c425afef.yaml index 94b057fe1d..087332e9a8 100644 --- a/nuclei-templates/2022/CVE-2022-0412-1bae2e5620980bd30c776236c425afef.yaml +++ b/nuclei-templates/2022/CVE-2022-0412-1bae2e5620980bd30c776236c425afef.yaml @@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0412 metadata: - fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/" - google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/" + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist-premium/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist-premium/" shodan-query: 'vuln:CVE-2022-0412' - tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,critical + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist-premium,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist-premium/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ti-woocommerce-wishlist" + - "ti-woocommerce-wishlist-premium" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-0901-6dbc9a0956b2602796cb10122cb58ea6.yaml b/nuclei-templates/2022/CVE-2022-0901-6dbc9a0956b2602796cb10122cb58ea6.yaml index 562ede1d34..860bee803e 100644 --- a/nuclei-templates/2022/CVE-2022-0901-6dbc9a0956b2602796cb10122cb58ea6.yaml +++ b/nuclei-templates/2022/CVE-2022-0901-6dbc9a0956b2602796cb10122cb58ea6.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0901 metadata: - fofa-query: "wp-content/plugins/ad-inserter/" - google-query: inurl:"/wp-content/plugins/ad-inserter/" + fofa-query: "wp-content/plugins/ad-inserter-pro/" + google-query: inurl:"/wp-content/plugins/ad-inserter-pro/" shodan-query: 'vuln:CVE-2022-0901' - tags: cve,wordpress,wp-plugin,ad-inserter,medium + tags: cve,wordpress,wp-plugin,ad-inserter-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ad-inserter-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ad-inserter" + - "ad-inserter-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-1538-cc3ef2dabf333a014605fb636408ec52.yaml b/nuclei-templates/2022/CVE-2022-1538-cc3ef2dabf333a014605fb636408ec52.yaml index 86b570c504..0a7aab1d0a 100644 --- a/nuclei-templates/2022/CVE-2022-1538-cc3ef2dabf333a014605fb636408ec52.yaml +++ b/nuclei-templates/2022/CVE-2022-1538-cc3ef2dabf333a014605fb636408ec52.yaml 
@@ -2,11 +2,11 @@ id: CVE-2022-1538-cc3ef2dabf333a014605fb636408ec52 info: name: > - Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload + Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload author: topscoder severity: low description: > - The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ~/upload.php file in versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. This issue is not patched in version 1.1.1 due to the fact that the extension checking was only applied client-side. + The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ~/upload.php file in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with administrator-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. This issue is not patched in version 1.1.3 due to the fact that the extension checking was only applied client-side. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9636b15-1259-4c6e-8691-b1d573ef0417?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.1') \ No newline at end of file + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-1656-baa4472e47b2180c8337bf3bf4eadd45.yaml b/nuclei-templates/2022/CVE-2022-1656-baa4472e47b2180c8337bf3bf4eadd45.yaml index e7d4ca3698..f3ed06dd79 100644 --- a/nuclei-templates/2022/CVE-2022-1656-baa4472e47b2180c8337bf3bf4eadd45.yaml 
+++ b/nuclei-templates/2022/CVE-2022-1656-baa4472e47b2180c8337bf3bf4eadd45.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2022-1656 metadata: - fofa-query: "wp-content/plugins/jupiterx-core/" - google-query: inurl:"/wp-content/plugins/jupiterx-core/" + fofa-query: "wp-content/themes/jupiterx/" + google-query: inurl:"/wp-content/themes/jupiterx/" shodan-query: 'vuln:CVE-2022-1656' - tags: cve,wordpress,wp-plugin,jupiterx-core,low + tags: cve,wordpress,wp-theme,jupiterx,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + - "{{BaseURL}}/wp-content/themes/jupiterx/style.css" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" matchers-condition: and matchers: @@ -51,7 +51,7 @@ http: - type: word words: - - "jupiterx-core" + - "jupiterx" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-1772-66052fca901fc6ec6f767ef4f0522ca1.yaml b/nuclei-templates/2022/CVE-2022-1772-66052fca901fc6ec6f767ef4f0522ca1.yaml index f216404162..465e28d2ca 100644 --- a/nuclei-templates/2022/CVE-2022-1772-66052fca901fc6ec6f767ef4f0522ca1.yaml +++ b/nuclei-templates/2022/CVE-2022-1772-66052fca901fc6ec6f767ef4f0522ca1.yaml 
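Review bot: The new pattern `(?mi)Version: ([0-9.]+)` in the `@@ -34,14` hunk is not anchored to the start of a line, so it captures the first `Version: ` found anywhere in the response body, not necessarily the theme header field, and a wrong capture goes straight into `compare_versions` as a false positive or a false negative. Anchoring it, for example `- '(?mi)^[ \t*]*Version:\s*([0-9.]+)'` (single-quoted, because `\s` is not a valid escape in a double-quoted YAML scalar), restricts the match to a header-style line. Both extractors in the hunk need the same change, and the `extractors` list starts above the hunk. The identical regex is used by every new `style.css` template added for CVE-2022-23975 in this commit.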
@@ -15,17 +15,17 @@ info: cvss-score: 5.5 cve-id: CVE-2022-1772 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-1772/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-1772/" + fofa-query: "wp-content/plugins/google-places-reviews/" + google-query: inurl:"/wp-content/plugins/google-places-reviews/" shodan-query: 'vuln:CVE-2022-1772' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-1772,low + tags: cve,wordpress,wp-plugin,google-places-reviews,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2022-1772/readme.txt" + - "{{BaseURL}}/wp-content/plugins/google-places-reviews/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2022-1772" + - "google-places-reviews" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-2267-51c3506b0806d95fd2bc41bf7572de72.yaml b/nuclei-templates/2022/CVE-2022-2267-51c3506b0806d95fd2bc41bf7572de72.yaml index 4b77d3a340..16e404ff98 100644 --- a/nuclei-templates/2022/CVE-2022-2267-51c3506b0806d95fd2bc41bf7572de72.yaml +++ b/nuclei-templates/2022/CVE-2022-2267-51c3506b0806d95fd2bc41bf7572de72.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/533bf4ba-5929-475e-ac98-43d97288cdfe?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2022-2267 metadata: fofa-query: "wp-content/plugins/mailchimp-for-woocommerce/" diff --git a/nuclei-templates/2022/CVE-2022-23183-427815ed2772d79710455cbccd17237e.yaml b/nuclei-templates/2022/CVE-2022-23183-427815ed2772d79710455cbccd17237e.yaml index 9269b77575..a5611b24d8 100644 --- a/nuclei-templates/2022/CVE-2022-23183-427815ed2772d79710455cbccd17237e.yaml +++ b/nuclei-templates/2022/CVE-2022-23183-427815ed2772d79710455cbccd17237e.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2022-23183 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2022-23183' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-23975-047c1d3bea2e49fd11c02becd4c903ab.yaml b/nuclei-templates/2022/CVE-2022-23975-047c1d3bea2e49fd11c02becd4c903ab.yaml new file mode 100644 index 0000000000..07083030af --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-047c1d3bea2e49fd11c02becd4c903ab.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-047c1d3bea2e49fd11c02becd4c903ab + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/arrival/" + google-query: inurl:"/wp-content/themes/arrival/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,arrival,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arrival/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arrival" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file 
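Review bot: `severity: low` and the `low` entry in `tags` contradict the classification a few lines below, `cvss-score: 8.8` with `C:H/I:H/A:H`, which falls in the High band; a scan filtered by severity or tag to high and critical findings will never run this template. If severity is meant to follow the CVSS score, the lines should read `severity: high` and `tags: cve,wordpress,wp-theme,arrival,high`. The same mismatch is in every other new CVE-2022-23975 template in this commit (fotography, accesspress-basic, eightmedi-lite, vmag, wp-store, digital-agency-lite, punte, zigcy-lite, accesspress-parallax-new, accesspress-lite, sakala). A one-line `#` comment above `severity:` stating how the value is derived would keep it from drifting again.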
diff --git a/nuclei-templates/2022/CVE-2022-23975-1b3eb79298efa5971048a162d4aefeaf.yaml b/nuclei-templates/2022/CVE-2022-23975-1b3eb79298efa5971048a162d4aefeaf.yaml new file mode 100644 index 0000000000..a9d801347a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-1b3eb79298efa5971048a162d4aefeaf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-1b3eb79298efa5971048a162d4aefeaf + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/fotography/" + google-query: inurl:"/wp-content/themes/fotography/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,fotography,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fotography/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-25e19cc3b7b8ed3f0892be38832c22c4.yaml b/nuclei-templates/2022/CVE-2022-23975-25e19cc3b7b8ed3f0892be38832c22c4.yaml new file mode 100644 index 0000000000..577295f70e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-25e19cc3b7b8ed3f0892be38832c22c4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-25e19cc3b7b8ed3f0892be38832c22c4 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/accesspress-basic/" + google-query: inurl:"/wp-content/themes/accesspress-basic/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,accesspress-basic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-basic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-279b81f92d82319f02f31b5b59e07540.yaml b/nuclei-templates/2022/CVE-2022-23975-279b81f92d82319f02f31b5b59e07540.yaml new file mode 100644 index 0000000000..8e505add76 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-279b81f92d82319f02f31b5b59e07540.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-279b81f92d82319f02f31b5b59e07540 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/eightmedi-lite/" + google-query: inurl:"/wp-content/themes/eightmedi-lite/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,eightmedi-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightmedi-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightmedi-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-324b5bd2d9d16d5417e3a857f911288d.yaml b/nuclei-templates/2022/CVE-2022-23975-324b5bd2d9d16d5417e3a857f911288d.yaml new file mode 100644 index 0000000000..61fb14e073 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-324b5bd2d9d16d5417e3a857f911288d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-324b5bd2d9d16d5417e3a857f911288d + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/vmag/" + google-query: inurl:"/wp-content/themes/vmag/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,vmag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file 
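Review bot: The `word` matcher on the bare slug `vmag`, combined with `redirects: true`, lets any 200 response that happens to contain that string and a `Version: n` token match, for instance a catch-all page served after a redirect from a missing theme path, so a hit does not prove that a stylesheet was fetched. Adding a matcher on the response headers, as sketched below, narrows the template to CSS responses. The risk is higher for the sibling templates whose slugs are ordinary words (`arrival`, `punte`, `sakala`). Word matching is also case-sensitive by default, so the check relies on the lower-case slug appearing somewhere in `style.css`, which should be confirmed against a real copy of the theme.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: status 200 matcher …

      # Require a stylesheet response so an HTML catch-all page cannot match.
      - type: word
        part: header
        words:
          - "text/css"

      # … unchanged: slug word matcher and compare_versions dsl matcher …
```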
diff --git a/nuclei-templates/2022/CVE-2022-23975-4492eb2798ccb1d35cbaac781e0f63bc.yaml b/nuclei-templates/2022/CVE-2022-23975-4492eb2798ccb1d35cbaac781e0f63bc.yaml new file mode 100644 index 0000000000..05d7cf8508 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-4492eb2798ccb1d35cbaac781e0f63bc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-4492eb2798ccb1d35cbaac781e0f63bc + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/wp-store/" + google-query: inurl:"/wp-content/themes/wp-store/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,wp-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wp-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-4f1bed4acc7c7b2c15792e3b5769c0b5.yaml b/nuclei-templates/2022/CVE-2022-23975-4f1bed4acc7c7b2c15792e3b5769c0b5.yaml index ad80da3e18..b76304a4b8 100644 --- a/nuclei-templates/2022/CVE-2022-23975-4f1bed4acc7c7b2c15792e3b5769c0b5.yaml +++ b/nuclei-templates/2022/CVE-2022-23975-4f1bed4acc7c7b2c15792e3b5769c0b5.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2022-23975 metadata: - fofa-query: "wp-content/themes/the-monday/" - google-query: inurl:"/wp-content/themes/the-monday/" + fofa-query: "wp-content/themes/edict-lite/" + google-query: inurl:"/wp-content/themes/edict-lite/" shodan-query: 'vuln:CVE-2022-23975' - tags: cve,wordpress,wp-theme,the-monday,low + tags: cve,wordpress,wp-theme,edict-lite,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/the-monday/style.css" + - "{{BaseURL}}/wp-content/themes/edict-lite/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "the-monday" + - "edict-lite" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.4.1') \ No newline at end of file + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-23975-5172afcac3de8d8f1c5a3e4417091afc.yaml b/nuclei-templates/2022/CVE-2022-23975-5172afcac3de8d8f1c5a3e4417091afc.yaml new file mode 100644 index 0000000000..0321a41d4f --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-5172afcac3de8d8f1c5a3e4417091afc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-5172afcac3de8d8f1c5a3e4417091afc + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/digital-agency-lite/" + google-query: inurl:"/wp-content/themes/digital-agency-lite/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,digital-agency-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/digital-agency-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-agency-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-517df0545694ae631a58dc62c176efd7.yaml b/nuclei-templates/2022/CVE-2022-23975-517df0545694ae631a58dc62c176efd7.yaml new file mode 100644 index 0000000000..68348b7ab4 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-517df0545694ae631a58dc62c176efd7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-517df0545694ae631a58dc62c176efd7 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/punte/" + google-query: inurl:"/wp-content/themes/punte/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,punte,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/punte/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "punte" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-54debd89de9efeda0da9907570c12386.yaml b/nuclei-templates/2022/CVE-2022-23975-54debd89de9efeda0da9907570c12386.yaml new file mode 100644 index 0000000000..e44578e49f --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-54debd89de9efeda0da9907570c12386.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-54debd89de9efeda0da9907570c12386 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/zigcy-lite/" + google-query: inurl:"/wp-content/themes/zigcy-lite/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,zigcy-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-7792ae6dd774b494e4f1531ce3d2c272.yaml b/nuclei-templates/2022/CVE-2022-23975-7792ae6dd774b494e4f1531ce3d2c272.yaml new file mode 100644 index 0000000000..83725ec6f1 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-7792ae6dd774b494e4f1531ce3d2c272.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-7792ae6dd774b494e4f1531ce3d2c272 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/accesspress-parallax-new/" + google-query: inurl:"/wp-content/themes/accesspress-parallax-new/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,accesspress-parallax-new,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-parallax-new/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-parallax-new" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-7c5aad4281c176c908a163e8fb022c4b.yaml b/nuclei-templates/2022/CVE-2022-23975-7c5aad4281c176c908a163e8fb022c4b.yaml new file mode 100644 index 0000000000..b1a6421b75 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-23975-7c5aad4281c176c908a163e8fb022c4b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-23975-7c5aad4281c176c908a163e8fb022c4b + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: low + description: > + A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-23975 + metadata: + fofa-query: "wp-content/themes/accesspress-lite/" + google-query: inurl:"/wp-content/themes/accesspress-lite/" + shodan-query: 'vuln:CVE-2022-23975' + tags: cve,wordpress,wp-theme,accesspress-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.92') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-23975-7f1efa3deec2ca6fdd5028ca84c5bcef.yaml b/nuclei-templates/2022/CVE-2022-23975-7f1efa3deec2ca6fdd5028ca84c5bcef.yaml
new file mode 100644
index 0000000000..020918843a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-7f1efa3deec2ca6fdd5028ca84c5bcef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-7f1efa3deec2ca6fdd5028ca84c5bcef
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/sakala/"
+ google-query: inurl:"/wp-content/themes/sakala/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,sakala,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/sakala/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sakala"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
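Review bot: The three matchers accept any 200 response whose body contains `sakala` and a `Version:` value at or below 1.0.4. Because `redirects: true` follows up to three redirects, a site that answers missing paths by redirecting to a generic page can satisfy them without the theme being installed. Tying the word matcher to the stylesheet header would cut those false positives, for example adding `- "Theme Name:"` under `words` together with `condition: and`. The other theme templates in this commit use the same matcher shape and would benefit from the same tightening.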
diff --git a/nuclei-templates/2022/CVE-2022-23975-8f94d20b6dd8c98decc6da3b2fdafb04.yaml b/nuclei-templates/2022/CVE-2022-23975-8f94d20b6dd8c98decc6da3b2fdafb04.yaml
new file mode 100644
index 0000000000..55922858db
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-8f94d20b6dd8c98decc6da3b2fdafb04.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-8f94d20b6dd8c98decc6da3b2fdafb04
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/bloger/"
+ google-query: inurl:"/wp-content/themes/bloger/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,bloger,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/bloger/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bloger"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.6')
+\ No newline at end of file
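Review bot: Nothing in the template tells a reader that a hit is a version fingerprint rather than a confirmed finding. The description says the flaw needs an authenticated subscriber, while the only request is an unauthenticated GET of `style.css`. A comment above `http:` such as `# Version fingerprint only: compares the theme version from style.css; the AJAX actions are not exercised.` would keep triage from over-reading the result. The `name` value "<= Various Versions" also hides which theme and bound this file covers, so naming the theme and `<= 1.2.6` there would make scan output self-explanatory. Both remarks apply equally to the sibling CVE-2022-23975 templates.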
diff --git a/nuclei-templates/2022/CVE-2022-23975-90037074d159bec415459135064cc44d.yaml b/nuclei-templates/2022/CVE-2022-23975-90037074d159bec415459135064cc44d.yaml
new file mode 100644
index 0000000000..7ba761205f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-90037074d159bec415459135064cc44d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-90037074d159bec415459135064cc44d
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/vmagazine-news/"
+ google-query: inurl:"/wp-content/themes/vmagazine-news/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,vmagazine-news,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/vmagazine-news/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vmagazine-news"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-901b816738b7ce8977d18baee42e15ca.yaml b/nuclei-templates/2022/CVE-2022-23975-901b816738b7ce8977d18baee42e15ca.yaml
new file mode 100644
index 0000000000..24d8aeefbd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-901b816738b7ce8977d18baee42e15ca.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-901b816738b7ce8977d18baee42e15ca
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/enlighten/"
+ google-query: inurl:"/wp-content/themes/enlighten/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,enlighten,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/enlighten/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "enlighten"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-905571014a031caeaab8f8760d3add8f.yaml b/nuclei-templates/2022/CVE-2022-23975-905571014a031caeaab8f8760d3add8f.yaml
new file mode 100644
index 0000000000..f6051af8aa
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-905571014a031caeaab8f8760d3add8f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-905571014a031caeaab8f8760d3add8f
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/accesspress-mag/"
+ google-query: inurl:"/wp-content/themes/accesspress-mag/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,accesspress-mag,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/accesspress-mag/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accesspress-mag"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-99287d5bc01656bc6ddc581cd36a3c55.yaml b/nuclei-templates/2022/CVE-2022-23975-99287d5bc01656bc6ddc581cd36a3c55.yaml
new file mode 100644
index 0000000000..e8ced815ea
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-99287d5bc01656bc6ddc581cd36a3c55.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-99287d5bc01656bc6ddc581cd36a3c55
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/storevilla/"
+ google-query: inurl:"/wp-content/themes/storevilla/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,storevilla,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/storevilla/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "storevilla"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-9a827950d3aa39924a2cfb94148f394f.yaml b/nuclei-templates/2022/CVE-2022-23975-9a827950d3aa39924a2cfb94148f394f.yaml
new file mode 100644
index 0000000000..11876022db
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-9a827950d3aa39924a2cfb94148f394f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-9a827950d3aa39924a2cfb94148f394f
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/accesspress-root/"
+ google-query: inurl:"/wp-content/themes/accesspress-root/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,accesspress-root,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/accesspress-root/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accesspress-root"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-9ed6f5631a25d2be55e29073a1eb44f8.yaml b/nuclei-templates/2022/CVE-2022-23975-9ed6f5631a25d2be55e29073a1eb44f8.yaml
new file mode 100644
index 0000000000..e9d2326876
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-9ed6f5631a25d2be55e29073a1eb44f8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-9ed6f5631a25d2be55e29073a1eb44f8
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/zigcy-baby/"
+ google-query: inurl:"/wp-content/themes/zigcy-baby/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,zigcy-baby,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/zigcy-baby/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zigcy-baby"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-aa2fc6295f468deb7b506e628ec859d5.yaml b/nuclei-templates/2022/CVE-2022-23975-aa2fc6295f468deb7b506e628ec859d5.yaml
new file mode 100644
index 0000000000..819e521f38
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-aa2fc6295f468deb7b506e628ec859d5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-aa2fc6295f468deb7b506e628ec859d5
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/eightlaw-lite/"
+ google-query: inurl:"/wp-content/themes/eightlaw-lite/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,eightlaw-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/eightlaw-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "eightlaw-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-c0429e7778e0b2704e8a3648967ad159.yaml b/nuclei-templates/2022/CVE-2022-23975-c0429e7778e0b2704e8a3648967ad159.yaml
new file mode 100644
index 0000000000..4188ee1689
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-c0429e7778e0b2704e8a3648967ad159.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-c0429e7778e0b2704e8a3648967ad159
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/parallaxsome/"
+ google-query: inurl:"/wp-content/themes/parallaxsome/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,parallaxsome,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/parallaxsome/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "parallaxsome"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-c38da74c3a51a65bbd07713ec8971050.yaml b/nuclei-templates/2022/CVE-2022-23975-c38da74c3a51a65bbd07713ec8971050.yaml
new file mode 100644
index 0000000000..d1c203f0b4
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-c38da74c3a51a65bbd07713ec8971050.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-c38da74c3a51a65bbd07713ec8971050
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/the-launcher/"
+ google-query: inurl:"/wp-content/themes/the-launcher/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,the-launcher,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/the-launcher/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "the-launcher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-e2bd4adb68d206eb5b5893727bf7b65b.yaml b/nuclei-templates/2022/CVE-2022-23975-e2bd4adb68d206eb5b5893727bf7b65b.yaml
new file mode 100644
index 0000000000..b79546a164
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-e2bd4adb68d206eb5b5893727bf7b65b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-e2bd4adb68d206eb5b5893727bf7b65b
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/accesspress-store/"
+ google-query: inurl:"/wp-content/themes/accesspress-store/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,accesspress-store,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/accesspress-store/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accesspress-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-f24624f2d872779c32df3d1ad09ca565.yaml b/nuclei-templates/2022/CVE-2022-23975-f24624f2d872779c32df3d1ad09ca565.yaml
new file mode 100644
index 0000000000..9e9722cc04
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-f24624f2d872779c32df3d1ad09ca565.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-f24624f2d872779c32df3d1ad09ca565
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/construction-lite/"
+ google-query: inurl:"/wp-content/themes/construction-lite/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,construction-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/construction-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "construction-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23975-f4d3cd0fcbd4e6406b36f8577a16c7e1.yaml b/nuclei-templates/2022/CVE-2022-23975-f4d3cd0fcbd4e6406b36f8577a16c7e1.yaml
new file mode 100644
index 0000000000..177edffe98
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-23975-f4d3cd0fcbd4e6406b36f8577a16c7e1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-23975-f4d3cd0fcbd4e6406b36f8577a16c7e1
+
+info:
+ name: >
+ AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation
+ author: topscoder
+ severity: low
+ description: >
+ A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to unauthorized plugin deactivation and activation via the plugin_activation_callback and plugin_deactivate_callback functions called via AJAX actions that were missing capability checks and nonce validation. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to deactivate and activate arbitrary plugins. This could be used to deactivate security plugins and exploit other potential vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-23975
+ metadata:
+ fofa-query: "wp-content/themes/opstore/"
+ google-query: inurl:"/wp-content/themes/opstore/"
+ shodan-query: 'vuln:CVE-2022-23975'
+ tags: cve,wordpress,wp-theme,opstore,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/opstore/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "opstore"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-23987-259ae87d10352721808edc818f064e97.yaml b/nuclei-templates/2022/CVE-2022-23987-259ae87d10352721808edc818f064e97.yaml index c1c2eb5f1d..336ef39290 100644 --- a/nuclei-templates/2022/CVE-2022-23987-259ae87d10352721808edc818f064e97.yaml +++ b/nuclei-templates/2022/CVE-2022-23987-259ae87d10352721808edc818f064e97.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.8 cve-id: CVE-2022-23987 metadata: - fofa-query: "wp-content/plugins/ws-form/" - google-query: inurl:"/wp-content/plugins/ws-form/" + fofa-query: "wp-content/plugins/ws-form-pro/" + google-query: inurl:"/wp-content/plugins/ws-form-pro/" shodan-query: 'vuln:CVE-2022-23987' - tags: cve,wordpress,wp-plugin,ws-form,medium + tags: cve,wordpress,wp-plugin,ws-form-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ws-form" + - "ws-form-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-23988-b6c656c7e1c3954a65c20bc89c8b955e.yaml b/nuclei-templates/2022/CVE-2022-23988-b6c656c7e1c3954a65c20bc89c8b955e.yaml index f7e6ea9c40..c9807530ae 100644 --- a/nuclei-templates/2022/CVE-2022-23988-b6c656c7e1c3954a65c20bc89c8b955e.yaml +++ b/nuclei-templates/2022/CVE-2022-23988-b6c656c7e1c3954a65c20bc89c8b955e.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.2 cve-id: CVE-2022-23988 metadata: - fofa-query: "wp-content/plugins/ws-form/" - google-query: inurl:"/wp-content/plugins/ws-form/" + fofa-query: "wp-content/plugins/ws-form-pro/" + google-query: inurl:"/wp-content/plugins/ws-form-pro/" shodan-query: 'vuln:CVE-2022-23988' - tags: cve,wordpress,wp-plugin,ws-form,high + tags: cve,wordpress,wp-plugin,ws-form-pro,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ws-form" + - "ws-form-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-25858-2d9c5e5f7169618b034336362443c8d2.yaml b/nuclei-templates/2022/CVE-2022-25858-2d9c5e5f7169618b034336362443c8d2.yaml index 9753675220..3be096f9b8 100644 --- a/nuclei-templates/2022/CVE-2022-25858-2d9c5e5f7169618b034336362443c8d2.yaml +++ b/nuclei-templates/2022/CVE-2022-25858-2d9c5e5f7169618b034336362443c8d2.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2022-25858 metadata: - fofa-query: "wp-content/plugins/retro-winamp-block/" - google-query: inurl:"/wp-content/plugins/retro-winamp-block/" + fofa-query: "wp-content/plugins/autoshare-for-twitter/" + google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/" shodan-query: 'vuln:CVE-2022-25858' - tags: cve,wordpress,wp-plugin,retro-winamp-block,medium + tags: cve,wordpress,wp-plugin,autoshare-for-twitter,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/retro-winamp-block/readme.txt" + - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt" extractors: - type: regex 
@@ -51,9 +51,9 @@ http: - type: word words: - - "retro-winamp-block" + - "autoshare-for-twitter" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.1.0') \ No newline at end of file + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-27856-9b81af7ccd462462d982d92b6a04b9ef.yaml b/nuclei-templates/2022/CVE-2022-27856-9b81af7ccd462462d982d92b6a04b9ef.yaml index 064a95d8d8..fd29fe3d36 100644 --- a/nuclei-templates/2022/CVE-2022-27856-9b81af7ccd462462d982d92b6a04b9ef.yaml +++ b/nuclei-templates/2022/CVE-2022-27856-9b81af7ccd462462d982d92b6a04b9ef.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Export All URLs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Export All URLs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2022-29452 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c14b1d49-efea-4c09-9448-533223c6d2e8?source=api-prod diff --git a/nuclei-templates/2022/CVE-2022-29440-b298ca222afb0226835a41eb83674cd7.yaml b/nuclei-templates/2022/CVE-2022-29440-b298ca222afb0226835a41eb83674cd7.yaml index b0c55f56ee..4b9c0ec9b7 100644 --- a/nuclei-templates/2022/CVE-2022-29440-b298ca222afb0226835a41eb83674cd7.yaml 
+++ b/nuclei-templates/2022/CVE-2022-29440-b298ca222afb0226835a41eb83674cd7.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd6350c-6da8-4d5a-8ceb-d587ddf40d1d?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2022-29440 metadata: fofa-query: "wp-content/plugins/promotion-slider/" diff --git a/nuclei-templates/2022/CVE-2022-30536-0b27dd3c000af77a5878dfd90a44da25.yaml b/nuclei-templates/2022/CVE-2022-30536-0b27dd3c000af77a5878dfd90a44da25.yaml index 010831205e..a485bc97b1 100644 --- a/nuclei-templates/2022/CVE-2022-30536-0b27dd3c000af77a5878dfd90a44da25.yaml +++ b/nuclei-templates/2022/CVE-2022-30536-0b27dd3c000af77a5878dfd90a44da25.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.5 cve-id: CVE-2022-30536 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-30536/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-30536/" + fofa-query: "wp-content/plugins/wp-maintenance/" + google-query: inurl:"/wp-content/plugins/wp-maintenance/" shodan-query: 'vuln:CVE-2022-30536' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-30536,low + tags: cve,wordpress,wp-plugin,wp-maintenance,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2022-30536/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wp-maintenance/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2022-30536" + - "wp-maintenance" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-31475-12731529f1dbf4a60492003d72d0ba95.yaml b/nuclei-templates/2022/CVE-2022-31475-12731529f1dbf4a60492003d72d0ba95.yaml index f8a0f2240a..4ed5adacc0 100644 --- a/nuclei-templates/2022/CVE-2022-31475-12731529f1dbf4a60492003d72d0ba95.yaml 
+++ b/nuclei-templates/2022/CVE-2022-31475-12731529f1dbf4a60492003d72d0ba95.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.9 cve-id: CVE-2022-31475 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-28700/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-28700/" + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" shodan-query: 'vuln:CVE-2022-31475' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-28700,low + tags: cve,wordpress,wp-plugin,give,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2022-28700/readme.txt" + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2022-28700" + - "give" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-3247-db545eca3aba48fb464a9d0a370d34cf.yaml b/nuclei-templates/2022/CVE-2022-3247-db545eca3aba48fb464a9d0a370d34cf.yaml index e2d3e35cfe..40719e96da 100644 --- a/nuclei-templates/2022/CVE-2022-3247-db545eca3aba48fb464a9d0a370d34cf.yaml +++ b/nuclei-templates/2022/CVE-2022-3247-db545eca3aba48fb464a9d0a370d34cf.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N - cvss-score: 7.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N + cvss-score: 6.8 cve-id: CVE-2022-3247 metadata: fofa-query: "wp-content/plugins/blog2social/" diff --git a/nuclei-templates/2022/CVE-2022-3343-5fa568161a7465ec06590bcbca4bb9a1.yaml b/nuclei-templates/2022/CVE-2022-3343-5fa568161a7465ec06590bcbca4bb9a1.yaml index a37a090623..0edb221b8a 100644 --- a/nuclei-templates/2022/CVE-2022-3343-5fa568161a7465ec06590bcbca4bb9a1.yaml +++ b/nuclei-templates/2022/CVE-2022-3343-5fa568161a7465ec06590bcbca4bb9a1.yaml 
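Review bot: The new word matcher `- "give"` in the `@@ -51,7 +51,7 @@` hunk of the CVE-2022-31475 template is a common English word, so it no longer ties the response body to this plugin. Assuming the matchers are combined with `matchers-condition: and` as in the new templates in this diff (the start of the matcher list is outside the hunk), identification then rests on the 200 status and the extracted version, and a catch-all page that happens to contain a version-like string could be reported as affected. A longer string taken from the plugin's own readme header would keep the false-positive rate down.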
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-3343 metadata: - fofa-query: "wp-content/themes/himer/" - google-query: inurl:"/wp-content/themes/himer/" + fofa-query: "wp-content/themes/discy/" + google-query: inurl:"/wp-content/themes/discy/" shodan-query: 'vuln:CVE-2022-3343' - tags: cve,wordpress,wp-theme,himer,low + tags: cve,wordpress,wp-theme,discy,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/himer/style.css" + - "{{BaseURL}}/wp-content/themes/discy/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "himer" + - "discy" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.9.3') \ No newline at end of file + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-3366-cfb437ccf6a997aec975c601c86ec21e.yaml b/nuclei-templates/2022/CVE-2022-3366-cfb437ccf6a997aec975c601c86ec21e.yaml index f5cf06afe5..6788e2b2e4 100644 --- a/nuclei-templates/2022/CVE-2022-3366-cfb437ccf6a997aec975c601c86ec21e.yaml +++ b/nuclei-templates/2022/CVE-2022-3366-cfb437ccf6a997aec975c601c86ec21e.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.2 cve-id: CVE-2022-3366 metadata: - fofa-query: "wp-content/plugins/capabilities-pro/" - google-query: inurl:"/wp-content/plugins/capabilities-pro/" + fofa-query: "wp-content/plugins/capability-manager-enhanced/" + google-query: inurl:"/wp-content/plugins/capability-manager-enhanced/" shodan-query: 'vuln:CVE-2022-3366' - tags: cve,wordpress,wp-plugin,capabilities-pro,low + tags: cve,wordpress,wp-plugin,capability-manager-enhanced,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/capabilities-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/capability-manager-enhanced/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "capabilities-pro" + - "capability-manager-enhanced" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-3622-a79533de1834bd1671ef1e98bfa0ddbd.yaml b/nuclei-templates/2022/CVE-2022-3622-a79533de1834bd1671ef1e98bfa0ddbd.yaml index bd554938f2..1afdf7ef41 100644 --- a/nuclei-templates/2022/CVE-2022-3622-a79533de1834bd1671ef1e98bfa0ddbd.yaml +++ b/nuclei-templates/2022/CVE-2022-3622-a79533de1834bd1671ef1e98bfa0ddbd.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N - cvss-score: 4.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N + cvss-score: 4.1 cve-id: CVE-2022-3622 metadata: fofa-query: "wp-content/plugins/blog2social/" diff --git a/nuclei-templates/2022/CVE-2022-3883-bdf33169f2b7c6c4bb7ffbae678a03a0.yaml b/nuclei-templates/2022/CVE-2022-3883-bdf33169f2b7c6c4bb7ffbae678a03a0.yaml index cc5aef39c5..858138277a 100644 --- a/nuclei-templates/2022/CVE-2022-3883-bdf33169f2b7c6c4bb7ffbae678a03a0.yaml +++ b/nuclei-templates/2022/CVE-2022-3883-bdf33169f2b7c6c4bb7ffbae678a03a0.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The StopBadBots plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the stopbadbots_install_plugin() function in versions up to, and including, 3.04. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site. + The StopBadBots plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the stopbadbots_install_plugin() function in versions up to, and including, 7.23. This makes it possible for authenticated attackers with minimal permission, such as a subscriber, to install arbitrary plugins on the vulnerable site. This could be used to install additional vulnerable plugins that could aid in further compromise of the site. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/759f5687-4ff1-4b8d-a5e7-3fb409fc2ba0?source=api-prod diff --git a/nuclei-templates/2022/CVE-2022-4017-9a5c6012bb97c7357f7b219a7a0543a2.yaml b/nuclei-templates/2022/CVE-2022-4017-9a5c6012bb97c7357f7b219a7a0543a2.yaml index 5082ad29f0..f11f88497d 100644 --- a/nuclei-templates/2022/CVE-2022-4017-9a5c6012bb97c7357f7b219a7a0543a2.yaml +++ b/nuclei-templates/2022/CVE-2022-4017-9a5c6012bb97c7357f7b219a7a0543a2.yaml 
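Review bot: Only the prose is updated for CVE-2022-3883: the description now says versions up to and including 7.23 are affected, but this is the file's single hunk, so the `compare_versions(...)` bound in the `dsl` matcher is left as it was. That line is outside the hunk; if it still carries the old 3.04 bound, installs between 3.04 and 7.23 will not be flagged even though the description says they are affected. The bound should be checked and, if stale, changed to `- compare_versions(version, '<= 7.23')`.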
@@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2022-4017 metadata: - fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" - google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" shodan-query: 'vuln:CVE-2022-4017' - tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "booster-plus-for-woocommerce" + - "booster-elite-for-woocommerce" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-40700-6d9503aa40ec87a6fd6f77509d4afca0.yaml b/nuclei-templates/2022/CVE-2022-40700-6d9503aa40ec87a6fd6f77509d4afca0.yaml new file mode 100644 index 0000000000..1f448c9880 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-40700-6d9503aa40ec87a6fd6f77509d4afca0.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-40700-6d9503aa40ec87a6fd6f77509d4afca0
+
+info:
+ name: >
+ CSSTidy - Server-Side Request Forgery
+ author: topscoder
+ severity: high
+ description: >
+ The module cerdic/csstidy, which is used in several plugins, is vulnerable to Server-Side Request Forgery due to the inclusion of test code that does not verify a user-provided URL. This can allow unauthenticated attackers to to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+ cvss-score: 8.3
+ cve-id: CVE-2022-40700
+ metadata:
+ fofa-query: "wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/"
+ google-query: inurl:"/wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/"
+ shodan-query: 'vuln:CVE-2022-40700'
+ tags: cve,wordpress,wp-plugin,custom-login-admin-front-end-css-with-multisite-support,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "custom-login-admin-front-end-css-with-multisite-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
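Review bot: The word matcher requires the full directory slug `custom-login-admin-front-end-css-with-multisite-support` to appear in the body of `readme.txt`, which is not guaranteed to contain the slug as opposed to the plugin's display name; under `matchers-condition: and` the template would then never match and an affected install goes unreported. Matching on the readme title, or relying on the path plus the `Stable tag` extraction, would avoid that. The check is also a version fingerprint only: the description attributes the SSRF to test code shipped with cerdic/csstidy and nothing here confirms that code is present, so a comment such as `# version fingerprint only; does not confirm the csstidy test code is deployed` above `http:` would set expectations. The description also has a doubled word, `attackers to to make`.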
diff --git a/nuclei-templates/2022/CVE-2022-40700-82d75ff9ae3d403145ffce236f13f75f.yaml b/nuclei-templates/2022/CVE-2022-40700-82d75ff9ae3d403145ffce236f13f75f.yaml index 62ac0fb539..5ee235f556 100644 --- a/nuclei-templates/2022/CVE-2022-40700-82d75ff9ae3d403145ffce236f13f75f.yaml +++ b/nuclei-templates/2022/CVE-2022-40700-82d75ff9ae3d403145ffce236f13f75f.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.3 cve-id: CVE-2022-40700 metadata: - fofa-query: "wp-content/plugins/woosupply/" - google-query: inurl:"/wp-content/plugins/woosupply/" + fofa-query: "wp-content/plugins/amp-toolbox/" + google-query: inurl:"/wp-content/plugins/amp-toolbox/" shodan-query: 'vuln:CVE-2022-40700' - tags: cve,wordpress,wp-plugin,woosupply,high + tags: cve,wordpress,wp-plugin,amp-toolbox,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/woosupply/readme.txt" + - "{{BaseURL}}/wp-content/plugins/amp-toolbox/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "woosupply" + - "amp-toolbox" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.2.2.') \ No newline at end of file + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4150-89ddb8129f6953f9a498365c3febc9ff.yaml b/nuclei-templates/2022/CVE-2022-4150-89ddb8129f6953f9a498365c3febc9ff.yaml index df9a8fa5cb..98bfdbcc56 100644 --- a/nuclei-templates/2022/CVE-2022-4150-89ddb8129f6953f9a498365c3febc9ff.yaml +++ b/nuclei-templates/2022/CVE-2022-4150-89ddb8129f6953f9a498365c3febc9ff.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2022-4150 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4150' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4151-f58ad0d8f0029babfe2d2141d89bb61f.yaml b/nuclei-templates/2022/CVE-2022-4151-f58ad0d8f0029babfe2d2141d89bb61f.yaml index 11e155de84..05347d8eb9 100644 --- a/nuclei-templates/2022/CVE-2022-4151-f58ad0d8f0029babfe2d2141d89bb61f.yaml +++ b/nuclei-templates/2022/CVE-2022-4151-f58ad0d8f0029babfe2d2141d89bb61f.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4151 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4151' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-4152-409cf99d0742e1070c39d1caab7af295.yaml b/nuclei-templates/2022/CVE-2022-4152-409cf99d0742e1070c39d1caab7af295.yaml index 28f16ba5c6..1af9f5daac 100644 --- a/nuclei-templates/2022/CVE-2022-4152-409cf99d0742e1070c39d1caab7af295.yaml +++ b/nuclei-templates/2022/CVE-2022-4152-409cf99d0742e1070c39d1caab7af295.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4152 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4152' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4153-e8c8ffde9e4e60f5c04c0844e91c528e.yaml b/nuclei-templates/2022/CVE-2022-4153-e8c8ffde9e4e60f5c04c0844e91c528e.yaml index e93a72db7b..9cf5361d83 100644 --- a/nuclei-templates/2022/CVE-2022-4153-e8c8ffde9e4e60f5c04c0844e91c528e.yaml +++ b/nuclei-templates/2022/CVE-2022-4153-e8c8ffde9e4e60f5c04c0844e91c528e.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4153 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4153' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4155-729b668071601f06d657ec64194e015a.yaml b/nuclei-templates/2022/CVE-2022-4155-729b668071601f06d657ec64194e015a.yaml index 16cbd44cbf..89785bce74 100644 --- a/nuclei-templates/2022/CVE-2022-4155-729b668071601f06d657ec64194e015a.yaml +++ b/nuclei-templates/2022/CVE-2022-4155-729b668071601f06d657ec64194e015a.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4155 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4155' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-4156-a046879900e613fbdba373147140a91d.yaml b/nuclei-templates/2022/CVE-2022-4156-a046879900e613fbdba373147140a91d.yaml index c57b403387..4a49f13143 100644 --- a/nuclei-templates/2022/CVE-2022-4156-a046879900e613fbdba373147140a91d.yaml +++ b/nuclei-templates/2022/CVE-2022-4156-a046879900e613fbdba373147140a91d.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.1 cve-id: CVE-2022-4156 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4156' - tags: cve,wordpress,wp-plugin,contest-gallery,critical + tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4157-ef8acbac5374670424be29a636301273.yaml b/nuclei-templates/2022/CVE-2022-4157-ef8acbac5374670424be29a636301273.yaml index cb5b0dcce9..12452535b8 100644 --- a/nuclei-templates/2022/CVE-2022-4157-ef8acbac5374670424be29a636301273.yaml +++ b/nuclei-templates/2022/CVE-2022-4157-ef8acbac5374670424be29a636301273.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4157 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4157' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4158-df56bea68613bfe9f1a8bad6b9301565.yaml b/nuclei-templates/2022/CVE-2022-4158-df56bea68613bfe9f1a8bad6b9301565.yaml index 76bd18bdf6..5604ea1137 100644 --- a/nuclei-templates/2022/CVE-2022-4158-df56bea68613bfe9f1a8bad6b9301565.yaml +++ b/nuclei-templates/2022/CVE-2022-4158-df56bea68613bfe9f1a8bad6b9301565.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.1 cve-id: CVE-2022-4158 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4158' - tags: cve,wordpress,wp-plugin,contest-gallery,critical + tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-4159-b260680d07399e416b0fe3a209d4da3f.yaml b/nuclei-templates/2022/CVE-2022-4159-b260680d07399e416b0fe3a209d4da3f.yaml index ad3282e477..48be6d1d39 100644 --- a/nuclei-templates/2022/CVE-2022-4159-b260680d07399e416b0fe3a209d4da3f.yaml +++ b/nuclei-templates/2022/CVE-2022-4159-b260680d07399e416b0fe3a209d4da3f.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4159 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4159' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4160-04bfdd5b809a376ca0a67b3bd2fb1d90.yaml b/nuclei-templates/2022/CVE-2022-4160-04bfdd5b809a376ca0a67b3bd2fb1d90.yaml index 4bd0dda08b..2921b0fd1f 100644 --- a/nuclei-templates/2022/CVE-2022-4160-04bfdd5b809a376ca0a67b3bd2fb1d90.yaml +++ b/nuclei-templates/2022/CVE-2022-4160-04bfdd5b809a376ca0a67b3bd2fb1d90.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4160 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4160' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4161-93c8a6c4b9c71a29125244c4124e66a6.yaml b/nuclei-templates/2022/CVE-2022-4161-93c8a6c4b9c71a29125244c4124e66a6.yaml index a8cc1e097b..879a00d997 100644 --- a/nuclei-templates/2022/CVE-2022-4161-93c8a6c4b9c71a29125244c4124e66a6.yaml +++ b/nuclei-templates/2022/CVE-2022-4161-93c8a6c4b9c71a29125244c4124e66a6.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4161 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4161' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-4162-9ab19baaca2eb271d7b3d2db9b569ee5.yaml b/nuclei-templates/2022/CVE-2022-4162-9ab19baaca2eb271d7b3d2db9b569ee5.yaml index 48e6906674..def65de6ec 100644 --- a/nuclei-templates/2022/CVE-2022-4162-9ab19baaca2eb271d7b3d2db9b569ee5.yaml +++ b/nuclei-templates/2022/CVE-2022-4162-9ab19baaca2eb271d7b3d2db9b569ee5.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4162 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4162' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4163-b8d3db3a579d1ef5fbd0f4030a317842.yaml b/nuclei-templates/2022/CVE-2022-4163-b8d3db3a579d1ef5fbd0f4030a317842.yaml index 6a5c55d72e..b16d1b95c8 100644 --- a/nuclei-templates/2022/CVE-2022-4163-b8d3db3a579d1ef5fbd0f4030a317842.yaml +++ b/nuclei-templates/2022/CVE-2022-4163-b8d3db3a579d1ef5fbd0f4030a317842.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4163 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4163' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4164-deca004a864585a4ac36dd875738ca92.yaml b/nuclei-templates/2022/CVE-2022-4164-deca004a864585a4ac36dd875738ca92.yaml index fc2b6bb74d..0977b6ceb5 100644 --- a/nuclei-templates/2022/CVE-2022-4164-deca004a864585a4ac36dd875738ca92.yaml +++ b/nuclei-templates/2022/CVE-2022-4164-deca004a864585a4ac36dd875738ca92.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4164 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4164' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2022/CVE-2022-4165-cb966581607dce0564abbe60f86d1cdc.yaml b/nuclei-templates/2022/CVE-2022-4165-cb966581607dce0564abbe60f86d1cdc.yaml index 0ce2b39e78..2f98cd47bf 100644 --- a/nuclei-templates/2022/CVE-2022-4165-cb966581607dce0564abbe60f86d1cdc.yaml +++ b/nuclei-templates/2022/CVE-2022-4165-cb966581607dce0564abbe60f86d1cdc.yaml @@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4165 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4165' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4166-1ee0000585ef7ce6a70553ffc39cde20.yaml b/nuclei-templates/2022/CVE-2022-4166-1ee0000585ef7ce6a70553ffc39cde20.yaml index 19b8258a24..c25164b7ad 100644 --- a/nuclei-templates/2022/CVE-2022-4166-1ee0000585ef7ce6a70553ffc39cde20.yaml +++ b/nuclei-templates/2022/CVE-2022-4166-1ee0000585ef7ce6a70553ffc39cde20.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4166 metadata: - fofa-query: "wp-content/plugins/contest-gallery/" - google-query: inurl:"/wp-content/plugins/contest-gallery/" + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" shodan-query: 'vuln:CVE-2022-4166' - tags: cve,wordpress,wp-plugin,contest-gallery,low + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "contest-gallery" + - "contest-gallery-pro" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4227-8f43a60f98462062ab2c0195b62be1d7.yaml b/nuclei-templates/2022/CVE-2022-4227-8f43a60f98462062ab2c0195b62be1d7.yaml index e6769d9517..c77a63562a 100644 --- a/nuclei-templates/2022/CVE-2022-4227-8f43a60f98462062ab2c0195b62be1d7.yaml +++ b/nuclei-templates/2022/CVE-2022-4227-8f43a60f98462062ab2c0195b62be1d7.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-4227 metadata: - fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" - google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" shodan-query: 'vuln:CVE-2022-4227' - tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "booster-plus-for-woocommerce" + - "booster-elite-for-woocommerce" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-43504-2bbe4d86942ae8601cc8e7ba56325f0a.yaml b/nuclei-templates/2022/CVE-2022-43504-2bbe4d86942ae8601cc8e7ba56325f0a.yaml index 976dea3998..7e266adc51 100644 --- a/nuclei-templates/2022/CVE-2022-43504-2bbe4d86942ae8601cc8e7ba56325f0a.yaml +++ b/nuclei-templates/2022/CVE-2022-43504-2bbe4d86942ae8601cc8e7ba56325f0a.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - WordPress Core in versions up to 6.0.3 are vulnerable to Cross-Site Scripting via wp-mail.php. This is due to no validation on what level the user was sending the email post and therefore did not perform any sanitization on the submitted post data. This meant that users without the unfiltered_html capability, with access to submitting posts via email, could inject malicious JavaScript into posts that would execute whenever someone accessed the post. + WordPress Core in versions up to 6.0.3 are vulnerable to Cross-Site Scripting via wp-mail.php. This is due to no validation on what level the user was sending the email post and therefore did not perform any sanitization on the submitted post data. This meant that users without the unfiltered_html capability, with access to submitting posts via email, could inject malicious JavaScript into posts that would execute whenever someone accessed the post. CVE-2022-43500 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/eadbfb77-fb9a-4363-acc8-8dd9b87820eb?source=api-prod diff --git a/nuclei-templates/2022/CVE-2022-44630-0c76658c4b74fbf30ad81c9a5c04da43.yaml b/nuclei-templates/2022/CVE-2022-44630-0c76658c4b74fbf30ad81c9a5c04da43.yaml new file mode 100644 index 0000000000..7f1657a20f --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-44630-0c76658c4b74fbf30ad81c9a5c04da43.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-0c76658c4b74fbf30ad81c9a5c04da43 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-ajax-search/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-search/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-ajax-search" + 
part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-160ec0662a1e5e6af77eb5c619ecca8c.yaml b/nuclei-templates/2022/CVE-2022-44630-160ec0662a1e5e6af77eb5c619ecca8c.yaml new file mode 100644 index 0000000000..7991e42466 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-160ec0662a1e5e6af77eb5c619ecca8c.yaml 
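Review bot: The `name` of this new template, `YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery`, identifies neither the plugin nor the version bound, and every other CVE-2022-44630 file added in this commit carries the identical string, so a finding cannot be triaged from its title. The slug and the bound are already in the file; the title could read `yith-woocommerce-ajax-search <= 1.25.0 - Cross-Site Request Forgery`. The shared `description` likewise says only that several plugins are affected, so the per-plugin bound is documented nowhere except the `dsl` matcher.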
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-160ec0662a1e5e6af77eb5c619ecca8c + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-compare/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-compare/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-compare" + part: body + + - type: 
dsl + dsl: + - compare_versions(version, '<= 2.20.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-16350745e6e7be401654975aa3f4ad51.yaml b/nuclei-templates/2022/CVE-2022-44630-16350745e6e7be401654975aa3f4ad51.yaml index df3109bed0..1d35cb85c1 100644 --- a/nuclei-templates/2022/CVE-2022-44630-16350745e6e7be401654975aa3f4ad51.yaml +++ b/nuclei-templates/2022/CVE-2022-44630-16350745e6e7be401654975aa3f4ad51.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-44630 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-popup/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-popup/" + fofa-query: "wp-content/plugins/yith-woocommerce-quick-view/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-quick-view/" shodan-query: 'vuln:CVE-2022-44630' - tags: cve,wordpress,wp-plugin,yith-woocommerce-popup,medium + tags: cve,wordpress,wp-plugin,yith-woocommerce-quick-view,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-popup/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-quick-view/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "yith-woocommerce-popup" + - "yith-woocommerce-quick-view" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-44630-1a2d6b76a07684c756946f7780fd1a35.yaml b/nuclei-templates/2022/CVE-2022-44630-1a2d6b76a07684c756946f7780fd1a35.yaml new file mode 100644 index 0000000000..3730f3264c --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-1a2d6b76a07684c756946f7780fd1a35.yaml 
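Review bot: Nothing in this new template records that the match rests only on the `Stable tag` line of `readme.txt`: the extractor regex `([0-9.]+)` captures nothing when that line is absent or non-numeric (WordPress readmes may use `trunk`), and `compare_versions(version, '<= 2.20.0')` then presumably cannot match. A clean scan therefore does not show that the plugin is patched or absent, and a hit shows an advertised version rather than a confirmed missing nonce check. I would add a comment above `http:` such as `# version-only check from readme.txt; no match if the file is blocked or Stable tag is not numeric`. This applies to every new CVE-2022-44630 file in the commit.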
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-1a2d6b76a07684c756946f7780fd1a35 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-featured-video/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-featured-video/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-featured-video,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-featured-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"yith-woocommerce-featured-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-1d651b9df914ae2437038285ad43c38d.yaml b/nuclei-templates/2022/CVE-2022-44630-1d651b9df914ae2437038285ad43c38d.yaml new file mode 100644 index 0000000000..a209cf4c7e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-1d651b9df914ae2437038285ad43c38d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-1d651b9df914ae2437038285ad43c38d + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-paypal-express-checkout-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + 
+ - type: word + words: + - "yith-paypal-express-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-373c313e9a44b53198641edf24c06bf6.yaml b/nuclei-templates/2022/CVE-2022-44630-373c313e9a44b53198641edf24c06bf6.yaml index 07c85ec7e2..5fd69cdb07 100644 --- a/nuclei-templates/2022/CVE-2022-44630-373c313e9a44b53198641edf24c06bf6.yaml +++ b/nuclei-templates/2022/CVE-2022-44630-373c313e9a44b53198641edf24c06bf6.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-44630 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-zoom-magnifier/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-zoom-magnifier/" + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards/" shodan-query: 'vuln:CVE-2022-44630' - tags: cve,wordpress,wp-plugin,yith-woocommerce-zoom-magnifier,medium + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-zoom-magnifier/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "yith-woocommerce-zoom-magnifier" + - "yith-woocommerce-gift-cards" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-44630-4472daf00f282bb3cb6d97910ef03d44.yaml b/nuclei-templates/2022/CVE-2022-44630-4472daf00f282bb3cb6d97910ef03d44.yaml new file mode 100644 index 0000000000..7baa8ed3ba --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-4472daf00f282bb3cb6d97910ef03d44.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-4472daf00f282bb3cb6d97910ef03d44 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-frequently-bought-together/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-frequently-bought-together/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-frequently-bought-together,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-frequently-bought-together/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - 
type: word + words: + - "yith-woocommerce-frequently-bought-together" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-4a6bfa2093d7a214114c7733ea41115a.yaml b/nuclei-templates/2022/CVE-2022-44630-4a6bfa2093d7a214114c7733ea41115a.yaml new file mode 100644 index 0000000000..b589099974 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-4a6bfa2093d7a214114c7733ea41115a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-4a6bfa2093d7a214114c7733ea41115a + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-essential-kit-for-woocommerce-1/" + google-query: inurl:"/wp-content/plugins/yith-essential-kit-for-woocommerce-1/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-essential-kit-for-woocommerce-1,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-essential-kit-for-woocommerce-1/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"yith-essential-kit-for-woocommerce-1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.13.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-59372a7b986c4b3b6658f74e29b547df.yaml b/nuclei-templates/2022/CVE-2022-44630-59372a7b986c4b3b6658f74e29b547df.yaml index 54ba213c17..0ef7f70aa2 100644 --- a/nuclei-templates/2022/CVE-2022-44630-59372a7b986c4b3b6658f74e29b547df.yaml +++ b/nuclei-templates/2022/CVE-2022-44630-59372a7b986c4b3b6658f74e29b547df.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-44630 metadata: - fofa-query: "wp-content/plugins/yith-woocommerce-bulk-product-editing/" - google-query: inurl:"/wp-content/plugins/yith-woocommerce-bulk-product-editing/" + fofa-query: "wp-content/plugins/yith-woocommerce-social-login/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/" shodan-query: 'vuln:CVE-2022-44630' - tags: cve,wordpress,wp-plugin,yith-woocommerce-bulk-product-editing,medium + tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-bulk-product-editing/readme.txt" + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "yith-woocommerce-bulk-product-editing" + - "yith-woocommerce-social-login" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.2.27') \ No newline at end of file + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-8d4881e6781bd517061770ce9e79c0e2.yaml b/nuclei-templates/2022/CVE-2022-44630-8d4881e6781bd517061770ce9e79c0e2.yaml new file mode 100644 index 0000000000..8dcc5d2b4b --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-8d4881e6781bd517061770ce9e79c0e2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-8d4881e6781bd517061770ce9e79c0e2 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-brands-add-on/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-brands-add-on/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-brands-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-brands-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"yith-woocommerce-brands-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-914b7023f5c5551b4d27a0085c0f1896.yaml b/nuclei-templates/2022/CVE-2022-44630-914b7023f5c5551b4d27a0085c0f1896.yaml new file mode 100644 index 0000000000..6fca9f5ae7 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-914b7023f5c5551b4d27a0085c0f1896.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-44630-914b7023f5c5551b4d27a0085c0f1896 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2022-44630 + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-catalog-mode/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-catalog-mode/" + shodan-query: 'vuln:CVE-2022-44630' + tags: cve,wordpress,wp-plugin,yith-woocommerce-catalog-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-catalog-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-catalog-mode" 
+ part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44630-9cb11e2ad6fc58891e609c0ffbaf2827.yaml b/nuclei-templates/2022/CVE-2022-44630-9cb11e2ad6fc58891e609c0ffbaf2827.yaml new file mode 100644 index 0000000000..a5959503b2 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-44630-9cb11e2ad6fc58891e609c0ffbaf2827.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-9cb11e2ad6fc58891e609c0ffbaf2827
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-infinite-scrolling/"
+ google-query: inurl:"/wp-content/plugins/yith-infinite-scrolling/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-infinite-scrolling,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-infinite-scrolling/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-infinite-scrolling"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-cfe706b136389144e952db6c3b29aea5.yaml b/nuclei-templates/2022/CVE-2022-44630-cfe706b136389144e952db6c3b29aea5.yaml
new file mode 100644
index 0000000000..602e987992
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-cfe706b136389144e952db6c3b29aea5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-cfe706b136389144e952db6c3b29aea5
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-ajax-navigation/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-navigation/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-navigation,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-navigation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-ajax-navigation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.15.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-d6f966e478884d0270c39af8b3108c94.yaml b/nuclei-templates/2022/CVE-2022-44630-d6f966e478884d0270c39af8b3108c94.yaml
new file mode 100644
index 0000000000..ec3d659e36
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-d6f966e478884d0270c39af8b3108c94.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-d6f966e478884d0270c39af8b3108c94
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-wishlist/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-wishlist/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-wishlist,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-wishlist"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.14.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-de65f4e7d08aff23c22b772d84372882.yaml b/nuclei-templates/2022/CVE-2022-44630-de65f4e7d08aff23c22b772d84372882.yaml
new file mode 100644
index 0000000000..0109be78a2
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-de65f4e7d08aff23c22b772d84372882.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-de65f4e7d08aff23c22b772d84372882
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-request-a-quote/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-request-a-quote/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-request-a-quote/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-request-a-quote"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.15.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-dfcfe2d3177efb8428f66a5de98c02d3.yaml b/nuclei-templates/2022/CVE-2022-44630-dfcfe2d3177efb8428f66a5de98c02d3.yaml
new file mode 100644
index 0000000000..de4f16b4af
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-dfcfe2d3177efb8428f66a5de98c02d3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-dfcfe2d3177efb8428f66a5de98c02d3
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-affiliates/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-affiliates/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-affiliates,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-affiliates/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-affiliates"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-ea28a562c084f5a6b5935cf58af06581.yaml b/nuclei-templates/2022/CVE-2022-44630-ea28a562c084f5a6b5935cf58af06581.yaml
new file mode 100644
index 0000000000..f7fe8e2509
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-ea28a562c084f5a6b5935cf58af06581.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-ea28a562c084f5a6b5935cf58af06581
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-product-bundles/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-bundles/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-product-bundles,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-bundles/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-product-bundles"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.16.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-44630-ed5e1348ec5b68c131ea28a672759bca.yaml b/nuclei-templates/2022/CVE-2022-44630-ed5e1348ec5b68c131ea28a672759bca.yaml
new file mode 100644
index 0000000000..788a2ae39b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-44630-ed5e1348ec5b68c131ea28a672759bca.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-44630-ed5e1348ec5b68c131ea28a672759bca
+
+info:
+ name: >
+ YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several YITHEMES plugins for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the create_log_file function. This makes it possible for unauthenticated attackers to create an error or debug log file using the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. The function allows the user to specify the file name. Please note that the unpatched plugins from this developer are the FREE versions of the plugin that were available on the WordPress.org repository. The developer is still maintaining the premium versions of the plugins which have been patched.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-44630
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-product-slider-carousel/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-slider-carousel/"
+ shodan-query: 'vuln:CVE-2022-44630'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-product-slider-carousel,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-slider-carousel/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words: + - "yith-woocommerce-product-slider-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-44738-2f44d3c0e6cb60e042a8308dcc2b1aaa.yaml b/nuclei-templates/2022/CVE-2022-44738-2f44d3c0e6cb60e042a8308dcc2b1aaa.yaml index 01f16c2ce3..d27a5dfd3e 100644 --- a/nuclei-templates/2022/CVE-2022-44738-2f44d3c0e6cb60e042a8308dcc2b1aaa.yaml +++ b/nuclei-templates/2022/CVE-2022-44738-2f44d3c0e6cb60e042a8308dcc2b1aaa.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/766c2aa5-e829-45b9-b6e3-0a522a0977d4?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 5.8 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L + cvss-score: 5.5 cve-id: CVE-2022-44738 metadata: fofa-query: "wp-content/plugins/posts-and-users-stats/" diff --git a/nuclei-templates/2022/CVE-2022-4501-12a572fb6eadc0e0bbce28f92ce81aaa.yaml b/nuclei-templates/2022/CVE-2022-4501-12a572fb6eadc0e0bbce28f92ce81aaa.yaml index 8d7dd84c7b..383e921ec5 100644 --- a/nuclei-templates/2022/CVE-2022-4501-12a572fb6eadc0e0bbce28f92ce81aaa.yaml +++ b/nuclei-templates/2022/CVE-2022-4501-12a572fb6eadc0e0bbce28f92ce81aaa.yaml 
@@ -2,11 +2,11 @@ id: CVE-2022-4501-12a572fb6eadc0e0bbce28f92ce81aaa info: name: > - Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update + Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update author: topscoder severity: low description: > - The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings. + The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.2.7') \ No newline at end of file + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-45348-0d6b54b00cb31b51168a4be4b372e01b.yaml b/nuclei-templates/2022/CVE-2022-45348-0d6b54b00cb31b51168a4be4b372e01b.yaml index 18b3aa30c3..de03f5b8f5 100644 --- a/nuclei-templates/2022/CVE-2022-45348-0d6b54b00cb31b51168a4be4b372e01b.yaml +++ b/nuclei-templates/2022/CVE-2022-45348-0d6b54b00cb31b51168a4be4b372e01b.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/879e7695-3a61-4e65-b102-fcdc63fac688?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 5.8 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L + cvss-score: 5.5 cve-id: CVE-2022-45348 metadata: fofa-query: "wp-content/plugins/amr-users/" diff --git a/nuclei-templates/2022/CVE-2022-4562-1da500d3ba6dc38df537b3b37c308d23.yaml b/nuclei-templates/2022/CVE-2022-4562-1da500d3ba6dc38df537b3b37c308d23.yaml index ece33e1dfd..4505da4f41 100644 --- a/nuclei-templates/2022/CVE-2022-4562-1da500d3ba6dc38df537b3b37c308d23.yaml +++ b/nuclei-templates/2022/CVE-2022-4562-1da500d3ba6dc38df537b3b37c308d23.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Meks Flexible Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page + The Meks Flexible Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d9200b-af1c-4cd2-9d34-eaff97d56967?source=api-prod 
diff --git a/nuclei-templates/2022/CVE-2022-45813-10c0faf0a5d46732342f9f95e5a8488f.yaml b/nuclei-templates/2022/CVE-2022-45813-10c0faf0a5d46732342f9f95e5a8488f.yaml
new file mode 100644
index 0000000000..cc8cf51e8f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-45813-10c0faf0a5d46732342f9f95e5a8488f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-45813-10c0faf0a5d46732342f9f95e5a8488f
+
+info:
+ name: >
+ BeRocket Plugins <= (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2022-45813
+ metadata:
+ fofa-query: "wp-content/plugins/product-tabs-manager-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/product-tabs-manager-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-45813'
+ tags: cve,wordpress,wp-plugin,product-tabs-manager-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/product-tabs-manager-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "product-tabs-manager-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.5.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-45813-11ff4d6767261be4052fd88e08960ed9.yaml b/nuclei-templates/2022/CVE-2022-45813-11ff4d6767261be4052fd88e08960ed9.yaml
new file mode 100644
index 0000000000..78fb3f78ce
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-45813-11ff4d6767261be4052fd88e08960ed9.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-45813-11ff4d6767261be4052fd88e08960ed9 + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: low + description: > + Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-45813 + metadata: + fofa-query: "wp-content/plugins/gridlist-view-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gridlist-view-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-45813' + tags: cve,wordpress,wp-plugin,gridlist-view-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gridlist-view-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gridlist-view-for-woocommerce" + part: 
body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-45813-2f584316ebfab1b630b17718c41568de.yaml b/nuclei-templates/2022/CVE-2022-45813-2f584316ebfab1b630b17718c41568de.yaml index dd931fdcc5..a750de1743 100644 --- a/nuclei-templates/2022/CVE-2022-45813-2f584316ebfab1b630b17718c41568de.yaml +++ b/nuclei-templates/2022/CVE-2022-45813-2f584316ebfab1b630b17718c41568de.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2022-45813 metadata: - fofa-query: "wp-content/plugins/sales-report-for-woocommerce/" - google-query: inurl:"/wp-content/plugins/sales-report-for-woocommerce/" + fofa-query: "wp-content/plugins/product-preview-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-preview-for-woocommerce/" shodan-query: 'vuln:CVE-2022-45813' - tags: cve,wordpress,wp-plugin,sales-report-for-woocommerce,low + tags: cve,wordpress,wp-plugin,product-preview-for-woocommerce,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/sales-report-for-woocommerce/readme.txt" + - "{{BaseURL}}/wp-content/plugins/product-preview-for-woocommerce/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "sales-report-for-woocommerce" + - "product-preview-for-woocommerce" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-45813-32dd0d7b25fc84c1a8f5aebcd45b460e.yaml b/nuclei-templates/2022/CVE-2022-45813-32dd0d7b25fc84c1a8f5aebcd45b460e.yaml new file mode 100644 index 0000000000..73539a9dbd --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-45813-32dd0d7b25fc84c1a8f5aebcd45b460e.yaml 
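Review bot: `severity: low` and the trailing `low` tag disagree with the classification block in the same hunk, where `cvss-score: 5.4` for `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N` falls in the CVSS v3.1 Medium band (4.0–6.9). Anyone filtering scan results by severity will leave these findings out of a medium-and-above report. Unless the lower rating is deliberate, change the two lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,gridlist-view-for-woocommerce,medium`; if it is deliberate, say why in a comment next to `severity`. The other CVE-2022-45813 templates added in this commit (product-tabs-manager-for-woocommerce, advanced-product-labels-for-woocommerce, product-watermark-for-woocommerce) carry the same pair of values.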
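Review bot: The version bound is not updated along with the plugin slug: the two hunks swap `sales-report-for-woocommerce` for `product-preview-for-woocommerce` in the queries, tag, path and word matcher, but the `compare_versions` line lies below the end of the second hunk and is left as it was. The BeRocket templates added in this commit each use a different bound (`1.1.5.7`, `1.1.3.6`, `1.2.4`, `1.3.5.6`), so the bound inherited from the old slug may not be the right one for the new plugin and should be checked against the advisory. The file name keeps its hash, and presumably so does the template `id` (the two match in the new templates), which means findings or exclusions keyed on that id now refer to a different plugin. A short comment at the top of the template recording the slug it targets would make such retargeting visible in later diffs.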
@@ -0,0 +1,59 @@
+id: CVE-2022-45813-32dd0d7b25fc84c1a8f5aebcd45b460e
+
+info:
+ name: >
+ BeRocket Plugins <= (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2022-45813
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-product-labels-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/advanced-product-labels-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-45813'
+ tags: cve,wordpress,wp-plugin,advanced-product-labels-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-product-labels-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-product-labels-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-45813-3d040a9fcdcb3a15323edf06b90bac50.yaml b/nuclei-templates/2022/CVE-2022-45813-3d040a9fcdcb3a15323edf06b90bac50.yaml
new file mode 100644
index 0000000000..937773e228
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-45813-3d040a9fcdcb3a15323edf06b90bac50.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-45813-3d040a9fcdcb3a15323edf06b90bac50 + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: low + description: > + Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-45813 + metadata: + fofa-query: "wp-content/plugins/product-watermark-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-watermark-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-45813' + tags: cve,wordpress,wp-plugin,product-watermark-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-watermark-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"product-watermark-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-45813-558b550b62b1fbf0d3fdc9bfbf0272a6.yaml b/nuclei-templates/2022/CVE-2022-45813-558b550b62b1fbf0d3fdc9bfbf0272a6.yaml new file mode 100644 index 0000000000..833297879a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-45813-558b550b62b1fbf0d3fdc9bfbf0272a6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-45813-558b550b62b1fbf0d3fdc9bfbf0272a6 + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: low + description: > + Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-45813 + metadata: + fofa-query: "wp-content/plugins/products-compare-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/products-compare-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-45813' + tags: cve,wordpress,wp-plugin,products-compare-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/products-compare-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"products-compare-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.7') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-45813-9fa7d8c38adf8268b8447c400c63d61c.yaml b/nuclei-templates/2022/CVE-2022-45813-9fa7d8c38adf8268b8447c400c63d61c.yaml new file mode 100644 index 0000000000..8942b3d9ca --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-45813-9fa7d8c38adf8268b8447c400c63d61c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-45813-9fa7d8c38adf8268b8447c400c63d61c + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: low + description: > + Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-45813 + metadata: + fofa-query: "wp-content/plugins/minmax-quantity-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/minmax-quantity-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-45813' + tags: cve,wordpress,wp-plugin,minmax-quantity-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minmax-quantity-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minmax-quantity-for-woocommerce" 
+ part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-45813-fc4773d9016280d91cce5b12069fa455.yaml b/nuclei-templates/2022/CVE-2022-45813-fc4773d9016280d91cce5b12069fa455.yaml new file mode 100644 index 0000000000..0c8996b683 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-45813-fc4773d9016280d91cce5b12069fa455.yaml 
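Review bot: `severity: low` and the trailing `low` in `tags` disagree with `cvss-score: 5.4` under `classification` in the `minmax-quantity-for-woocommerce` template for CVE-2022-45813. A score of 5.4 falls in the CVSS v3.1 medium band (4.0–6.9), so a scan or report filtered to medium and above would silently leave this finding out. I would change the two lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,minmax-quantity-for-woocommerce,medium`, or add a comment explaining the lower rating if it is deliberate. The other four CVE-2022-45813 templates added in this diff have the same mismatch.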
@@ -0,0 +1,59 @@ +id: CVE-2022-45813-fc4773d9016280d91cce5b12069fa455 + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: low + description: > + Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions is used to subscribe to the BeRocket newsletter and can be used by subscribers to subscribe arbitrary email addresses. These functions are still missing Cross-Site Request Forgery Protection. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-45813 + metadata: + fofa-query: "wp-content/plugins/brands-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-45813' + tags: cve,wordpress,wp-plugin,brands-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brands-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brands-for-woocommerce" + part: body + + - type: dsl + dsl: + - 
compare_versions(version, '<= 3.7.0.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4629-23ef6883ec86cdd6255533ef14608a10.yaml b/nuclei-templates/2022/CVE-2022-4629-23ef6883ec86cdd6255533ef14608a10.yaml index 8a7a629757..021c1fa9a3 100644 --- a/nuclei-templates/2022/CVE-2022-4629-23ef6883ec86cdd6255533ef14608a10.yaml +++ b/nuclei-templates/2022/CVE-2022-4629-23ef6883ec86cdd6255533ef14608a10.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d11e8124-1028-4dba-bbd9-c45699d78909?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2022-4629 metadata: fofa-query: "wp-content/plugins/woo-product-slider/" diff --git a/nuclei-templates/2022/CVE-2022-4675-874f5a0ecf6b75aef608e0bc514e0c8d.yaml b/nuclei-templates/2022/CVE-2022-4675-874f5a0ecf6b75aef608e0bc514e0c8d.yaml index a800ecb4b1..0e7588723c 100644 --- a/nuclei-templates/2022/CVE-2022-4675-874f5a0ecf6b75aef608e0bc514e0c8d.yaml +++ b/nuclei-templates/2022/CVE-2022-4675-874f5a0ecf6b75aef608e0bc514e0c8d.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fbb7a39-936b-48f1-97f1-46dc23180b00?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2022-4675 metadata: fofa-query: "wp-content/plugins/facebook-page-feed-graph-api/" diff --git a/nuclei-templates/2022/CVE-2022-46804-06f1dd343404442de5a42c14e5ddca6b.yaml b/nuclei-templates/2022/CVE-2022-46804-06f1dd343404442de5a42c14e5ddca6b.yaml index 67d5471845..f4d254ea4a 100644 --- a/nuclei-templates/2022/CVE-2022-46804-06f1dd343404442de5a42c14e5ddca6b.yaml 
+++ b/nuclei-templates/2022/CVE-2022-46804-06f1dd343404442de5a42c14e5ddca6b.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/03a1724c-8fea-4e9f-a4a1-9de236e1f15a?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 5.8 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L + cvss-score: 5.5 cve-id: CVE-2022-46804 metadata: fofa-query: "wp-content/plugins/export-users-data-distinct/" diff --git a/nuclei-templates/2022/CVE-2022-47150-00673e0f9dfc90804196831d2f257c82.yaml b/nuclei-templates/2022/CVE-2022-47150-00673e0f9dfc90804196831d2f257c82.yaml new file mode 100644 index 0000000000..187d0f59e3 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-47150-00673e0f9dfc90804196831d2f257c82.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-00673e0f9dfc90804196831d2f257c82
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/darklup-lite-wp-dark-mode/"
+ google-query: inurl:"/wp-content/plugins/darklup-lite-wp-dark-mode/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,darklup-lite-wp-dark-mode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/darklup-lite-wp-dark-mode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "darklup-lite-wp-dark-mode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.1')
\ No newline at end of file
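Review bot: `redirects: true` with `max-redirects: 3` lets the request for `/wp-content/plugins/darklup-lite-wp-dark-mode/readme.txt` follow redirects to any host, so a target that redirects off-site can make the scan fetch, and report against, a system outside the authorised scope. Nuclei has `host-redirects: true` to follow redirects on the same host only, and using it in place of `redirects: true` keeps the check on the target. Every template added in this diff carries the same pair of lines, so if these files come from a generator the change belongs in its template.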
diff --git a/nuclei-templates/2022/CVE-2022-47150-04acd7e50d8e44f0178dc5a6db5ff63d.yaml b/nuclei-templates/2022/CVE-2022-47150-04acd7e50d8e44f0178dc5a6db5ff63d.yaml
new file mode 100644
index 0000000000..8e6090dd64
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-04acd7e50d8e44f0178dc5a6db5ff63d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-04acd7e50d8e44f0178dc5a6db5ff63d
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/click-to-top/"
+ google-query: inurl:"/wp-content/plugins/click-to-top/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,click-to-top,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/click-to-top/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "click-to-top"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.19')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-0e2046770d2148d773df973d9552977c.yaml b/nuclei-templates/2022/CVE-2022-47150-0e2046770d2148d773df973d9552977c.yaml
new file mode 100644
index 0000000000..c9908e5b5e
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-0e2046770d2148d773df973d9552977c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-0e2046770d2148d773df973d9552977c
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wp-user-frontend/"
+ google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wp-user-frontend,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-user-frontend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-0f1005630bd0ec2f02ffb2e62014033b.yaml b/nuclei-templates/2022/CVE-2022-47150-0f1005630bd0ec2f02ffb2e62014033b.yaml
new file mode 100644
index 0000000000..8bf46babc0
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-0f1005630bd0ec2f02ffb2e62014033b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-0f1005630bd0ec2f02ffb2e62014033b
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-conversion-tracking/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-conversion-tracking"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.10')
\ No newline at end of file
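Review bot: The template does not say that a match is version inference only, and it should. The only evidence is the `Stable tag` value from `readme.txt`, compared by `compare_versions(version, '<= 2.0.10')`; no request checks that the Appsero code named in the description is present or reachable. A stale stable tag can give a false result, and a value such as `trunk` does not match `([0-9.]+)` and so yields a silent miss. I would add a comment above `matchers:` such as `# Version inference only (readme.txt Stable tag); confirm the installed plugin version before triage.` The other CVE-2022-47150 templates added in this diff use the same matcher set.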
diff --git a/nuclei-templates/2022/CVE-2022-47150-112cd45c4b4eb86dba876cd524978ebe.yaml b/nuclei-templates/2022/CVE-2022-47150-112cd45c4b4eb86dba876cd524978ebe.yaml
new file mode 100644
index 0000000000..0d3c59ff9a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-112cd45c4b4eb86dba876cd524978ebe.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-112cd45c4b4eb86dba876cd524978ebe
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/happy-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "happy-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-1ef5648a8919ac306ed00c005d3e0096.yaml b/nuclei-templates/2022/CVE-2022-47150-1ef5648a8919ac306ed00c005d3e0096.yaml
new file mode 100644
index 0000000000..8d35fcfc9b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-1ef5648a8919ac306ed00c005d3e0096.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-1ef5648a8919ac306ed00c005d3e0096
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wedevs-project-manager/"
+ google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wedevs-project-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.12')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-33495f3e903feee9f8a57fa01cbdcbcb.yaml b/nuclei-templates/2022/CVE-2022-47150-33495f3e903feee9f8a57fa01cbdcbcb.yaml
new file mode 100644
index 0000000000..51b0ace59b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-33495f3e903feee9f8a57fa01cbdcbcb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-33495f3e903feee9f8a57fa01cbdcbcb
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/boostify-header-footer-builder/"
+ google-query: inurl:"/wp-content/plugins/boostify-header-footer-builder/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,boostify-header-footer-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/boostify-header-footer-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "boostify-header-footer-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-37a305b402db50276c053ed668ce3472.yaml b/nuclei-templates/2022/CVE-2022-47150-37a305b402db50276c053ed668ce3472.yaml
new file mode 100644
index 0000000000..a5f3275398
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-37a305b402db50276c053ed668ce3472.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-37a305b402db50276c053ed668ce3472
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wpvr/"
+ google-query: inurl:"/wp-content/plugins/wpvr/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wpvr,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpvr"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-3d2cf76b0dc2a50517017ac0690a0178.yaml b/nuclei-templates/2022/CVE-2022-47150-3d2cf76b0dc2a50517017ac0690a0178.yaml
new file mode 100644
index 0000000000..2cc69527c3
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-3d2cf76b0dc2a50517017ac0690a0178.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-3d2cf76b0dc2a50517017ac0690a0178
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/w4-post-list/"
+ google-query: inurl:"/wp-content/plugins/w4-post-list/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,w4-post-list,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "w4-post-list"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-4acd9560f8ec3a771a194dca89bc711a.yaml b/nuclei-templates/2022/CVE-2022-47150-4acd9560f8ec3a771a194dca89bc711a.yaml
new file mode 100644
index 0000000000..3863d0dcbf
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-4acd9560f8ec3a771a194dca89bc711a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-4acd9560f8ec3a771a194dca89bc711a
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "exclusive-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-4ea7f7c2080d8e5e6de9e3e87a2445e8.yaml b/nuclei-templates/2022/CVE-2022-47150-4ea7f7c2080d8e5e6de9e3e87a2445e8.yaml
new file mode 100644
index 0000000000..03751926d9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-4ea7f7c2080d8e5e6de9e3e87a2445e8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-4ea7f7c2080d8e5e6de9e3e87a2445e8
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/dashboard-welcome-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/dashboard-welcome-for-elementor/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,dashboard-welcome-for-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dashboard-welcome-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dashboard-welcome-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-4eceb8bff0f43a1c167c5cb148d61a58.yaml b/nuclei-templates/2022/CVE-2022-47150-4eceb8bff0f43a1c167c5cb148d61a58.yaml
new file mode 100644
index 0000000000..a4b96b5c5f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-4eceb8bff0f43a1c167c5cb148d61a58.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-4eceb8bff0f43a1c167c5cb148d61a58
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
+ google-query: inurl:"/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "unlimited-elementor-inner-sections-by-boomdevs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-50113a477fef1716e36722db3b53f133.yaml b/nuclei-templates/2022/CVE-2022-47150-50113a477fef1716e36722db3b53f133.yaml
new file mode 100644
index 0000000000..532026acdd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-50113a477fef1716e36722db3b53f133.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-50113a477fef1716e36722db3b53f133
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wpfunnels/"
+ google-query: inurl:"/wp-content/plugins/wpfunnels/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wpfunnels,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpfunnels/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpfunnels"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '2.6.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-5d9174e83164c2fca4081692eebdc732.yaml b/nuclei-templates/2022/CVE-2022-47150-5d9174e83164c2fca4081692eebdc732.yaml
new file mode 100644
index 0000000000..9b61218ebd
--- /dev/null
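Review bot: The constraint in `compare_versions(version, '2.6.4')` has no comparison operator, unlike the `<= x.y.z` form used by the other CVE-2022-47150 templates visible in this diff. If a bare version is read as an exact match, this template reports only wpfunnels 2.6.4 and stays silent on earlier releases that may bundle the same Appsero SDK, which is a false negative for anyone relying on it for exposure tracking. Please confirm the affected range against the referenced advisory and write the operator explicitly, e.g. `- compare_versions(version, '<= 2.6.4')` if a range is intended.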
+++ b/nuclei-templates/2022/CVE-2022-47150-5d9174e83164c2fca4081692eebdc732.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-5d9174e83164c2fca4081692eebdc732
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/magical-posts-display/"
+ google-query: inurl:"/wp-content/plugins/magical-posts-display/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,magical-posts-display,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/magical-posts-display/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "magical-posts-display"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.15')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-5e151237f69b077c800b3afe38286095.yaml b/nuclei-templates/2022/CVE-2022-47150-5e151237f69b077c800b3afe38286095.yaml
new file mode 100644
index 0000000000..6f81657438
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-5e151237f69b077c800b3afe38286095.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-5e151237f69b077c800b3afe38286095
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/cart-lift/"
+ google-query: inurl:"/wp-content/plugins/cart-lift/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,cart-lift,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cart-lift/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cart-lift"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-6216a5c8f51588cf8de49bb69f801237.yaml b/nuclei-templates/2022/CVE-2022-47150-6216a5c8f51588cf8de49bb69f801237.yaml
new file mode 100644
index 0000000000..a9325c3053
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-6216a5c8f51588cf8de49bb69f801237.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-6216a5c8f51588cf8de49bb69f801237
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wc-category-showcase/"
+ google-query: inurl:"/wp-content/plugins/wc-category-showcase/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wc-category-showcase,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-category-showcase/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-category-showcase"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-6f62fb8fcb37500e06d8bed1924c0971.yaml b/nuclei-templates/2022/CVE-2022-47150-6f62fb8fcb37500e06d8bed1924c0971.yaml
new file mode 100644
index 0000000000..96a816b7ed
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-6f62fb8fcb37500e06d8bed1924c0971.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-6f62fb8fcb37500e06d8bed1924c0971
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/woo-reviews-by-wiremo/"
+ google-query: inurl:"/wp-content/plugins/woo-reviews-by-wiremo/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,woo-reviews-by-wiremo,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-reviews-by-wiremo/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-reviews-by-wiremo"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.96')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-6fda93afffb93bfadd90071febf0a7b8.yaml b/nuclei-templates/2022/CVE-2022-47150-6fda93afffb93bfadd90071febf0a7b8.yaml
new file mode 100644
index 0000000000..51859c84fd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-6fda93afffb93bfadd90071febf0a7b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-6fda93afffb93bfadd90071febf0a7b8
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/easy-sticky-sidebar/"
+ google-query: inurl:"/wp-content/plugins/easy-sticky-sidebar/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-sticky-sidebar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-sticky-sidebar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-725438794ab539a5805049d00f18b9a8.yaml b/nuclei-templates/2022/CVE-2022-47150-725438794ab539a5805049d00f18b9a8.yaml
new file mode 100644
index 0000000000..6df38a784d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-725438794ab539a5805049d00f18b9a8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-725438794ab539a5805049d00f18b9a8
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/texty/"
+ google-query: inurl:"/wp-content/plugins/texty/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,texty,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/texty/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "texty"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-7954e87caa04efacfb5d954a08db1303.yaml b/nuclei-templates/2022/CVE-2022-47150-7954e87caa04efacfb5d954a08db1303.yaml
new file mode 100644
index 0000000000..23e791f040
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-7954e87caa04efacfb5d954a08db1303.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-7954e87caa04efacfb5d954a08db1303
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/visibility-logic-elementor/"
+ google-query: inurl:"/wp-content/plugins/visibility-logic-elementor/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,visibility-logic-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/visibility-logic-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "visibility-logic-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-7cbcc353fe7fb0ea70ea361c706b78fd.yaml b/nuclei-templates/2022/CVE-2022-47150-7cbcc353fe7fb0ea70ea361c706b78fd.yaml
new file mode 100644
index 0000000000..ccf58ae090
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-7cbcc353fe7fb0ea70ea361c706b78fd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-7cbcc353fe7fb0ea70ea361c706b78fd
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/gs-testimonial/"
+ google-query: inurl:"/wp-content/plugins/gs-testimonial/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,gs-testimonial,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gs-testimonial/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gs-testimonial"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-7fa68c9cda880770d9c4f11b36dc85ad.yaml b/nuclei-templates/2022/CVE-2022-47150-7fa68c9cda880770d9c4f11b36dc85ad.yaml
new file mode 100644
index 0000000000..cb3bc1d9c4
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-7fa68c9cda880770d9c4f11b36dc85ad.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-7fa68c9cda880770d9c4f11b36dc85ad
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/bangladeshi-payment-gateways/"
+ google-query: inurl:"/wp-content/plugins/bangladeshi-payment-gateways/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,bangladeshi-payment-gateways,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bangladeshi-payment-gateways/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bangladeshi-payment-gateways"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-8311d3f290ac3f74f3b43581d4e11b05.yaml b/nuclei-templates/2022/CVE-2022-47150-8311d3f290ac3f74f3b43581d4e11b05.yaml
new file mode 100644
index 0000000000..9cc0b6c7e9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-8311d3f290ac3f74f3b43581d4e11b05.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-8311d3f290ac3f74f3b43581d4e11b05
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wp-maximum-upload-file-size/"
+ google-query: inurl:"/wp-content/plugins/wp-maximum-upload-file-size/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wp-maximum-upload-file-size,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-maximum-upload-file-size/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-maximum-upload-file-size"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-919eef8e881bbfcbddf24e6f758e9295.yaml b/nuclei-templates/2022/CVE-2022-47150-919eef8e881bbfcbddf24e6f758e9295.yaml
new file mode 100644
index 0000000000..4d7c494730
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-919eef8e881bbfcbddf24e6f758e9295.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-919eef8e881bbfcbddf24e6f758e9295
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/stylish-cost-calculator/"
+ google-query: inurl:"/wp-content/plugins/stylish-cost-calculator/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,stylish-cost-calculator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/stylish-cost-calculator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "stylish-cost-calculator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.3.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-92d06f74d67ba7652e135696ea67d4c7.yaml b/nuclei-templates/2022/CVE-2022-47150-92d06f74d67ba7652e135696ea67d4c7.yaml
new file mode 100644
index 0000000000..d930be2821
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-92d06f74d67ba7652e135696ea67d4c7.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-47150-92d06f74d67ba7652e135696ea67d4c7 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2022-47150 + metadata: + fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/" + google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/" + shodan-query: 'vuln:CVE-2022-47150' + tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fuse-social-floating-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fuse-social-floating-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-47150-93b30d6b5cad451682586b846f4ed919.yaml b/nuclei-templates/2022/CVE-2022-47150-93b30d6b5cad451682586b846f4ed919.yaml
new file mode 100644
index 0000000000..7e62259d11
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-93b30d6b5cad451682586b846f4ed919.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-93b30d6b5cad451682586b846f4ed919
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/legal-pages/"
+ google-query: inurl:"/wp-content/plugins/legal-pages/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,legal-pages,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/legal-pages/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "legal-pages"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-949a8d59e73c57616e3745b8b03b01fb.yaml b/nuclei-templates/2022/CVE-2022-47150-949a8d59e73c57616e3745b8b03b01fb.yaml
index b8060a103a..b1cc46a458 100644
--- a/nuclei-templates/2022/CVE-2022-47150-949a8d59e73c57616e3745b8b03b01fb.yaml +++ b/nuclei-templates/2022/CVE-2022-47150-949a8d59e73c57616e3745b8b03b01fb.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-47150 metadata: - fofa-query: "wp-content/plugins/pt-elementor-addons-lite/" - google-query: inurl:"/wp-content/plugins/pt-elementor-addons-lite/" + fofa-query: "wp-content/plugins/update-alt-attribute/" + google-query: inurl:"/wp-content/plugins/update-alt-attribute/" shodan-query: 'vuln:CVE-2022-47150' - tags: cve,wordpress,wp-plugin,pt-elementor-addons-lite,medium + tags: cve,wordpress,wp-plugin,update-alt-attribute,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/pt-elementor-addons-lite/readme.txt" + - "{{BaseURL}}/wp-content/plugins/update-alt-attribute/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "pt-elementor-addons-lite" + - "update-alt-attribute" part: body - type: dsl dsl: - - compare_versions(version, '<= 2.2') \ No newline at end of file + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-47150-a4fe343b689bbca14839f0a4b3117147.yaml b/nuclei-templates/2022/CVE-2022-47150-a4fe343b689bbca14839f0a4b3117147.yaml new file mode 100644 index 0000000000..710b4021d8 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-47150-a4fe343b689bbca14839f0a4b3117147.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-a4fe343b689bbca14839f0a4b3117147
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/directorist/"
+ google-query: inurl:"/wp-content/plugins/directorist/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,directorist,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "directorist"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-a674fba7742443891aa73abca198d3c7.yaml b/nuclei-templates/2022/CVE-2022-47150-a674fba7742443891aa73abca198d3c7.yaml
new file mode 100644
index 0000000000..e2ff27f19b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-a674fba7742443891aa73abca198d3c7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-a674fba7742443891aa73abca198d3c7
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wp-dark-mode/"
+ google-query: inurl:"/wp-content/plugins/wp-dark-mode/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wp-dark-mode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-dark-mode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-dark-mode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-b567c5c8ea54d32d4f0216514d8c1483.yaml b/nuclei-templates/2022/CVE-2022-47150-b567c5c8ea54d32d4f0216514d8c1483.yaml
new file mode 100644
index 0000000000..8f9d3f36a9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-b567c5c8ea54d32d4f0216514d8c1483.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-b567c5c8ea54d32d4f0216514d8c1483
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wemail/"
+ google-query: inurl:"/wp-content/plugins/wemail/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wemail,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wemail/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wemail"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.14.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-ba79027bcc352aa3e9eebcff74a4b814.yaml b/nuclei-templates/2022/CVE-2022-47150-ba79027bcc352aa3e9eebcff74a4b814.yaml
new file mode 100644
index 0000000000..cc9d9b38d9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-ba79027bcc352aa3e9eebcff74a4b814.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-ba79027bcc352aa3e9eebcff74a4b814
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/ml-slider/"
+ google-query: inurl:"/wp-content/plugins/ml-slider/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,ml-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ml-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.28.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-bf6bb31d8257d802470cac17f06dcaba.yaml b/nuclei-templates/2022/CVE-2022-47150-bf6bb31d8257d802470cac17f06dcaba.yaml
new file mode 100644
index 0000000000..d7c979b846
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-bf6bb31d8257d802470cac17f06dcaba.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-bf6bb31d8257d802470cac17f06dcaba
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mail-logging/"
+ google-query: inurl:"/wp-content/plugins/wp-mail-logging/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wp-mail-logging,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mail-logging/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mail-logging"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.10.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-c335746d143a8f7b285ad2e302767060.yaml b/nuclei-templates/2022/CVE-2022-47150-c335746d143a8f7b285ad2e302767060.yaml
new file mode 100644
index 0000000000..b6ccc1444b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-c335746d143a8f7b285ad2e302767060.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-c335746d143a8f7b285ad2e302767060
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/webappick-pdf-invoice-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,webappick-pdf-invoice-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "webappick-pdf-invoice-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-c4d1dd83a8d9c857d87e2b4e6b9bfb58.yaml b/nuclei-templates/2022/CVE-2022-47150-c4d1dd83a8d9c857d87e2b4e6b9bfb58.yaml
new file mode 100644
index 0000000000..d08e8e7c5e
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-c4d1dd83a8d9c857d87e2b4e6b9bfb58.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-c4d1dd83a8d9c857d87e2b4e6b9bfb58
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/woo-category-slider-by-pluginever/"
+ google-query: inurl:"/wp-content/plugins/woo-category-slider-by-pluginever/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,woo-category-slider-by-pluginever,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-category-slider-by-pluginever/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-category-slider-by-pluginever"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-cc7db53bea33a84a12dba795b5fceed5.yaml b/nuclei-templates/2022/CVE-2022-47150-cc7db53bea33a84a12dba795b5fceed5.yaml
new file mode 100644
index 0000000000..6c147b1c38
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-cc7db53bea33a84a12dba795b5fceed5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-cc7db53bea33a84a12dba795b5fceed5
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/wedocs/"
+ google-query: inurl:"/wp-content/plugins/wedocs/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,wedocs,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wedocs/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wedocs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.6', '<= 1.7.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-cf843bdb15ca9af914cbc1beb3b0532b.yaml b/nuclei-templates/2022/CVE-2022-47150-cf843bdb15ca9af914cbc1beb3b0532b.yaml
new file mode 100644
index 0000000000..ba8c167db1
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-cf843bdb15ca9af914cbc1beb3b0532b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-cf843bdb15ca9af914cbc1beb3b0532b
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/stax-buddy-builder/"
+ google-query: inurl:"/wp-content/plugins/stax-buddy-builder/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,stax-buddy-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/stax-buddy-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "stax-buddy-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-d81fa20a8f27ff864c21850c77b1b0a7.yaml b/nuclei-templates/2022/CVE-2022-47150-d81fa20a8f27ff864c21850c77b1b0a7.yaml
new file mode 100644
index 0000000000..eab648c4f5
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-47150-d81fa20a8f27ff864c21850c77b1b0a7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-d81fa20a8f27ff864c21850c77b1b0a7
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-box/"
+ google-query: inurl:"/wp-content/plugins/gallery-box/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,gallery-box,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-box/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-box"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.30')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47150-f2930273c2cbbdce995a14180f036a03.yaml b/nuclei-templates/2022/CVE-2022-47150-f2930273c2cbbdce995a14180f036a03.yaml
index 3178bcf5e5..3854bb5ab5 100644
--- a/nuclei-templates/2022/CVE-2022-47150-f2930273c2cbbdce995a14180f036a03.yaml +++ b/nuclei-templates/2022/CVE-2022-47150-f2930273c2cbbdce995a14180f036a03.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-47150 metadata: - fofa-query: "wp-content/plugins/woostify-sites-library/" - google-query: inurl:"/wp-content/plugins/woostify-sites-library/" + fofa-query: "wp-content/plugins/stax-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/" shodan-query: 'vuln:CVE-2022-47150' - tags: cve,wordpress,wp-plugin,woostify-sites-library,medium + tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/woostify-sites-library/readme.txt" + - "{{BaseURL}}/wp-content/plugins/stax-addons-for-elementor/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "woostify-sites-library" + - "stax-addons-for-elementor" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-47150-f4e8091b91314a10a84c7c3647380a03.yaml b/nuclei-templates/2022/CVE-2022-47150-f4e8091b91314a10a84c7c3647380a03.yaml new file mode 100644 index 0000000000..7dd23c2dd3 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-47150-f4e8091b91314a10a84c7c3647380a03.yaml 
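Review bot: The template is retargeted from woostify-sites-library to stax-addons-for-elementor, but the `compare_versions` line under `- type: dsl` is not part of either hunk, so the bound that was set for the old plugin now gates matches for the new one. Unless both plugins happen to share the same last affected release, this will over- or under-report; the bound should move together with the slug, as the CVE-2022-47150-949a8d59 change on this page does (`<= 2.2` to `<= 2.4.3`), e.g. `- compare_versions(version, '<= <LAST_AFFECTED_VERSION>')`. The same pattern appears in CVE-2022-4888-2723c43b, which switches to addify-free-gifts-woocommerce without touching its bound. Reusing one template id for a different plugin also changes what earlier scan results recorded under that id mean, which deserves a line in the commit description. The matcher block continues past the end of the hunk.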
@@ -0,0 +1,59 @@
+id: CVE-2022-47150-f4e8091b91314a10a84c7c3647380a03
+
+info:
+ name: >
+ Appsero <= 1.2.0 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to invoke this function intended for administrator use via forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-47150
+ metadata:
+ fofa-query: "wp-content/plugins/gs-pinterest-portfolio/"
+ google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/"
+ shodan-query: 'vuln:CVE-2022-47150'
+ tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gs-pinterest-portfolio/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gs-pinterest-portfolio"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-47160-9daa5aa0f809cccf06e7e3029834a507.yaml b/nuclei-templates/2022/CVE-2022-47160-9daa5aa0f809cccf06e7e3029834a507.yaml index 5738702e69..71bb15bfa3 100644 --- a/nuclei-templates/2022/CVE-2022-47160-9daa5aa0f809cccf06e7e3029834a507.yaml +++ b/nuclei-templates/2022/CVE-2022-47160-9daa5aa0f809cccf06e7e3029834a507.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/105dcbbb-9ee2-4a5a-9b65-bbac931d1080?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N - cvss-score: 7.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N + cvss-score: 6.8 cve-id: CVE-2022-47160 metadata: fofa-query: "wp-content/plugins/wp-social/" diff --git a/nuclei-templates/2022/CVE-2022-47445-b466504054910a276f66acdf2de5fcfa.yaml b/nuclei-templates/2022/CVE-2022-47445-b466504054910a276f66acdf2de5fcfa.yaml index 9bec9cab9a..01aeee399a 100644 --- a/nuclei-templates/2022/CVE-2022-47445-b466504054910a276f66acdf2de5fcfa.yaml +++ b/nuclei-templates/2022/CVE-2022-47445-b466504054910a276f66acdf2de5fcfa.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/eecd1497-c94e-4f67-8cc5-72afffe9fae2?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 cve-id: CVE-2022-47445 metadata: fofa-query: "wp-content/plugins/be-popia-compliant/" diff --git a/nuclei-templates/2022/CVE-2022-4888-2723c43bc1aca1ba325bdaea7ab30f17.yaml b/nuclei-templates/2022/CVE-2022-4888-2723c43bc1aca1ba325bdaea7ab30f17.yaml index c61a4f28bf..5a4744884c 100644 --- a/nuclei-templates/2022/CVE-2022-4888-2723c43bc1aca1ba325bdaea7ab30f17.yaml +++ b/nuclei-templates/2022/CVE-2022-4888-2723c43bc1aca1ba325bdaea7ab30f17.yaml 
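Review bot: The CVSS vector and score drop (7.4 to 6.8 here, 9.8 to 6.5 in CVE-2022-47445-b4665040), but `severity:` and the severity label at the end of `tags:` sit outside these hunks and are not touched by the commit. If they still read `high` and `critical`, severity-filtered scans and dashboards will keep ranking these findings above what the new score supports. Assuming the layout matches the other templates on this page, both files would become `severity: medium` with the `tags:` suffix `medium`.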
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-4888 metadata: - fofa-query: "wp-content/plugins/addify-custom-registration-forms-builder/" - google-query: inurl:"/wp-content/plugins/addify-custom-registration-forms-builder/" + fofa-query: "wp-content/plugins/addify-free-gifts-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-free-gifts-woocommerce/" shodan-query: 'vuln:CVE-2022-4888' - tags: cve,wordpress,wp-plugin,addify-custom-registration-forms-builder,medium + tags: cve,wordpress,wp-plugin,addify-free-gifts-woocommerce,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/addify-custom-registration-forms-builder/readme.txt" + - "{{BaseURL}}/wp-content/plugins/addify-free-gifts-woocommerce/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "addify-custom-registration-forms-builder" + - "addify-free-gifts-woocommerce" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4888-9382185c0a91da00885d10b7e753bac2.yaml b/nuclei-templates/2022/CVE-2022-4888-9382185c0a91da00885d10b7e753bac2.yaml new file mode 100644 index 0000000000..b85d147e7a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4888-9382185c0a91da00885d10b7e753bac2.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4888-9382185c0a91da00885d10b7e753bac2
+
+info:
+ name: >
+ Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several Addify plugins for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-4888
+ metadata:
+ fofa-query: "wp-content/plugins/addify-order-approval-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/addify-order-approval-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-4888'
+ tags: cve,wordpress,wp-plugin,addify-order-approval-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addify-order-approval-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addify-order-approval-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.0')
\ No newline at end of file
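Review bot: The three matchers are joined by `matchers-condition: and`, so this template will most likely report nothing when the readme's `Stable tag:` is not numeric (for example `trunk`) or when the slug string does not occur in the readme body, and it never tests the missing nonce check itself. A clean result therefore does not show that the plugin is patched, and the file does not say so. I would add a comment above `extractors:` such as `# Passive version fingerprint from readme.txt only; no match does not mean the install is patched.` The `name:` also reads `Multiple Addify Plugins <= (Various Versions)` although the dsl line pins `< 1.1.0` for one slug; naming the slug and fixed version there would let results from the sibling CVE-2022-4888 templates be told apart. The same extractor and matcher block is repeated in every other new template in this diff.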
diff --git a/nuclei-templates/2022/CVE-2022-4888-c6d99cf999e6767fd2b1c8eeedb5758c.yaml b/nuclei-templates/2022/CVE-2022-4888-c6d99cf999e6767fd2b1c8eeedb5758c.yaml
new file mode 100644
index 0000000000..1918d01596
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4888-c6d99cf999e6767fd2b1c8eeedb5758c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4888-c6d99cf999e6767fd2b1c8eeedb5758c
+
+info:
+ name: >
+ Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several Addify plugins for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-4888
+ metadata:
+ fofa-query: "wp-content/plugins/addify-abandoned-cart-recovery/"
+ google-query: inurl:"/wp-content/plugins/addify-abandoned-cart-recovery/"
+ shodan-query: 'vuln:CVE-2022-4888'
+ tags: cve,wordpress,wp-plugin,addify-abandoned-cart-recovery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addify-abandoned-cart-recovery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addify-abandoned-cart-recovery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4888-dcb630916033ba24548db000f8ccf17e.yaml b/nuclei-templates/2022/CVE-2022-4888-dcb630916033ba24548db000f8ccf17e.yaml
index b8b1083ba1..3e1bb775b7 100644
--- a/nuclei-templates/2022/CVE-2022-4888-dcb630916033ba24548db000f8ccf17e.yaml +++ b/nuclei-templates/2022/CVE-2022-4888-dcb630916033ba24548db000f8ccf17e.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2022-4888 metadata: - fofa-query: "wp-content/plugins/addify-product-labels-and-stickers/" - google-query: inurl:"/wp-content/plugins/addify-product-labels-and-stickers/" + fofa-query: "wp-content/plugins/addify-custom-order-number/" + google-query: inurl:"/wp-content/plugins/addify-custom-order-number/" shodan-query: 'vuln:CVE-2022-4888' - tags: cve,wordpress,wp-plugin,addify-product-labels-and-stickers,medium + tags: cve,wordpress,wp-plugin,addify-custom-order-number,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/addify-product-labels-and-stickers/readme.txt" + - "{{BaseURL}}/wp-content/plugins/addify-custom-order-number/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "addify-product-labels-and-stickers" + - "addify-custom-order-number" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4888-fe4725d59eccc467872a889696fa5fa6.yaml b/nuclei-templates/2022/CVE-2022-4888-fe4725d59eccc467872a889696fa5fa6.yaml new file mode 100644 index 0000000000..280fa25ec0 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4888-fe4725d59eccc467872a889696fa5fa6.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4888-fe4725d59eccc467872a889696fa5fa6
+
+info:
+ name: >
+ Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ Several Addify plugins for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2022-4888
+ metadata:
+ fofa-query: "wp-content/plugins/addify-image-watermark-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/addify-image-watermark-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-4888'
+ tags: cve,wordpress,wp-plugin,addify-image-watermark-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addify-image-watermark-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addify-image-watermark-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4950-2db9968921232eae266c9e11e73236c5.yaml b/nuclei-templates/2022/CVE-2022-4950-2db9968921232eae266c9e11e73236c5.yaml
new file mode 100644
index 0000000000..d72845825d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4950-2db9968921232eae266c9e11e73236c5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4950-2db9968921232eae266c9e11e73236c5
+
+info:
+ name: >
+ Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-4950
+ metadata:
+ fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/"
+ google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/"
+ shodan-query: 'vuln:CVE-2022-4950'
+ tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cryptocurrency-price-ticker-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cryptocurrency-price-ticker-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4')
\ No newline at end of file
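Review bot: `severity: low` and the trailing `low` in `tags:` contradict the classification block of the same file, which gives `cvss-score: 8.8` with `C:H/I:H/A:H` and a description that ends in remote code execution. Anyone scanning with a severity filter or triaging by this field would drop or deprioritise the finding. The two lines should read `severity: high` and `tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,high`. The same mismatch is in the new CVE-2022-4950 templates for `template-events-calendar` and `events-widgets-for-elementor-and-the-events-calendar`, and in the rewritten `tags:` line of the `event-page-templates-addon-for-the-events-calendar` hunk.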
diff --git a/nuclei-templates/2022/CVE-2022-4950-3a8c68fd30e96d4a6565f07c5a028f82.yaml b/nuclei-templates/2022/CVE-2022-4950-3a8c68fd30e96d4a6565f07c5a028f82.yaml index d749cc74ec..2c7e36b73f 100644 --- a/nuclei-templates/2022/CVE-2022-4950-3a8c68fd30e96d4a6565f07c5a028f82.yaml +++ b/nuclei-templates/2022/CVE-2022-4950-3a8c68fd30e96d4a6565f07c5a028f82.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2022-4950 metadata: - fofa-query: "wp-content/plugins/events-notification-bar-addon/" - google-query: inurl:"/wp-content/plugins/events-notification-bar-addon/" + fofa-query: "wp-content/plugins/event-page-templates-addon-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/event-page-templates-addon-for-the-events-calendar/" shodan-query: 'vuln:CVE-2022-4950' - tags: cve,wordpress,wp-plugin,events-notification-bar-addon,low + tags: cve,wordpress,wp-plugin,event-page-templates-addon-for-the-events-calendar,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/events-notification-bar-addon/readme.txt" + - "{{BaseURL}}/wp-content/plugins/event-page-templates-addon-for-the-events-calendar/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "events-notification-bar-addon" + - "event-page-templates-addon-for-the-events-calendar" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.1') \ No newline at end of file + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4950-e0cde1f421931de103523e3c2b39a8a3.yaml b/nuclei-templates/2022/CVE-2022-4950-e0cde1f421931de103523e3c2b39a8a3.yaml new file mode 100644 index 0000000000..1a0449338c --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4950-e0cde1f421931de103523e3c2b39a8a3.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4950-e0cde1f421931de103523e3c2b39a8a3
+
+info:
+ name: >
+ Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-4950
+ metadata:
+ fofa-query: "wp-content/plugins/template-events-calendar/"
+ google-query: inurl:"/wp-content/plugins/template-events-calendar/"
+ shodan-query: 'vuln:CVE-2022-4950'
+ tags: cve,wordpress,wp-plugin,template-events-calendar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/template-events-calendar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "template-events-calendar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4950-faf329a887633d9de454235f6ff65075.yaml b/nuclei-templates/2022/CVE-2022-4950-faf329a887633d9de454235f6ff65075.yaml
new file mode 100644
index 0000000000..9c82871834
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4950-faf329a887633d9de454235f6ff65075.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4950-faf329a887633d9de454235f6ff65075
+
+info:
+ name: >
+ Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-4950
+ metadata:
+ fofa-query: "wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/"
+ google-query: inurl:"/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/"
+ shodan-query: 'vuln:CVE-2022-4950'
+ tags: cve,wordpress,wp-plugin,events-widgets-for-elementor-and-the-events-calendar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "events-widgets-for-elementor-and-the-events-calendar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-01139013acd95b38403a24093f2be7b8.yaml b/nuclei-templates/2022/CVE-2022-4974-01139013acd95b38403a24093f2be7b8.yaml
new file mode 100644
index 0000000000..1fe214f25a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-01139013acd95b38403a24093f2be7b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-01139013acd95b38403a24093f2be7b8
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce-woocommerce-multi-currency/"
+ google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-multi-currency/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,premmerce-woocommerce-multi-currency,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-multi-currency/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce-woocommerce-multi-currency"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.3.2')
\ No newline at end of file
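Review bot: The dsl threshold `< 2.3.2` is a version of the premmerce-woocommerce-multi-currency plugin, while `name:` and `description:` speak only of Freemius SDK `<= 2.4.2`, and nothing in the file says how the two relate. Presumably 2.3.2 is the first plugin release that bundles the patched SDK, but a reader cannot verify that from the template, and a site whose SDK was updated some other way would still be flagged. A comment above the dsl matcher, for instance `# plugin release assumed to ship Freemius SDK >= 2.4.3; confirm against the Wordfence advisory`, would record the assumption. The other CVE-2022-4974 templates in this diff differ only in slug and threshold and need the same comment.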
diff --git a/nuclei-templates/2022/CVE-2022-4974-029772dbbc9c718e9b337b1c20807e9a.yaml b/nuclei-templates/2022/CVE-2022-4974-029772dbbc9c718e9b337b1c20807e9a.yaml
new file mode 100644
index 0000000000..8282936adf
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-029772dbbc9c718e9b337b1c20807e9a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-029772dbbc9c718e9b337b1c20807e9a
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-letsencrypt-ssl/"
+ google-query: inurl:"/wp-content/plugins/wp-letsencrypt-ssl/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-letsencrypt-ssl,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-letsencrypt-ssl/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-letsencrypt-ssl"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.7.10')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-02ae74747e9ca4533fa8476aac124374.yaml b/nuclei-templates/2022/CVE-2022-4974-02ae74747e9ca4533fa8476aac124374.yaml
new file mode 100644
index 0000000000..90d157f60b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-02ae74747e9ca4533fa8476aac124374.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-02ae74747e9ca4533fa8476aac124374
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/frontend-admin/"
+ google-query: inurl:"/wp-content/plugins/frontend-admin/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,frontend-admin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/frontend-admin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "frontend-admin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.3.33')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-02e38319310d215ee6f7dac7f2227dc8.yaml b/nuclei-templates/2022/CVE-2022-4974-02e38319310d215ee6f7dac7f2227dc8.yaml
new file mode 100644
index 0000000000..d4db44f9ae
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-02e38319310d215ee6f7dac7f2227dc8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-02e38319310d215ee6f7dac7f2227dc8
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/surbma-magyar-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/surbma-magyar-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,surbma-magyar-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/surbma-magyar-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "surbma-magyar-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 30.3.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-03a98ace5d20a0be8090c31242cc7dfa.yaml b/nuclei-templates/2022/CVE-2022-4974-03a98ace5d20a0be8090c31242cc7dfa.yaml
new file mode 100644
index 0000000000..46c8791863
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-03a98ace5d20a0be8090c31242cc7dfa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-03a98ace5d20a0be8090c31242cc7dfa
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/court-reservation/"
+ google-query: inurl:"/wp-content/plugins/court-reservation/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,court-reservation,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/court-reservation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "court-reservation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-053efd2f053c3966c4e6571bb62095ad.yaml b/nuclei-templates/2022/CVE-2022-4974-053efd2f053c3966c4e6571bb62095ad.yaml
new file mode 100644
index 0000000000..76ea2e1561
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-053efd2f053c3966c4e6571bb62095ad.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-053efd2f053c3966c4e6571bb62095ad
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/helpie-faq/"
+ google-query: inurl:"/wp-content/plugins/helpie-faq/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,helpie-faq,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/helpie-faq/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "helpie-faq"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-05c315c45c3d1e8458984521e6889db5.yaml b/nuclei-templates/2022/CVE-2022-4974-05c315c45c3d1e8458984521e6889db5.yaml
new file mode 100644
index 0000000000..30efc725d9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-05c315c45c3d1e8458984521e6889db5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-05c315c45c3d1e8458984521e6889db5
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce/"
+ google-query: inurl:"/wp-content/plugins/premmerce/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,premmerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.16')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-070f8fdc9803e88753e67abaef195817.yaml b/nuclei-templates/2022/CVE-2022-4974-070f8fdc9803e88753e67abaef195817.yaml
new file mode 100644
index 0000000000..3535aa81f9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-070f8fdc9803e88753e67abaef195817.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-070f8fdc9803e88753e67abaef195817
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-7-multi-step-module/"
+ google-query: inurl:"/wp-content/plugins/contact-form-7-multi-step-module/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,contact-form-7-multi-step-module,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-7-multi-step-module/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-7-multi-step-module"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.1.91')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-083d8790c15f954665960bcfdc92634c.yaml b/nuclei-templates/2022/CVE-2022-4974-083d8790c15f954665960bcfdc92634c.yaml
new file mode 100644
index 0000000000..673a4740a2
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-083d8790c15f954665960bcfdc92634c.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-083d8790c15f954665960bcfdc92634c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/addons-for-divi/" + google-query: inurl:"/wp-content/plugins/addons-for-divi/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,addons-for-divi,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-divi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-0976594169af391fee2f91ca40f080d9.yaml b/nuclei-templates/2022/CVE-2022-4974-0976594169af391fee2f91ca40f080d9.yaml new file mode 100644 index 0000000000..ffa5254ea0 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-0976594169af391fee2f91ca40f080d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-0976594169af391fee2f91ca40f080d9
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wpgt-google-translate/"
+ google-query: inurl:"/wp-content/plugins/wpgt-google-translate/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wpgt-google-translate,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpgt-google-translate/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpgt-google-translate"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2')
\ No newline at end of file
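Review bot: `redirects: true` with `max-redirects: 3` lets the readme request follow a redirect to a different host, so the status, word and version matchers run on that host's response while the finding is recorded against the scanned target. For an inventory check like this one, `host-redirects: true` in place of `redirects: true` keeps the evidence tied to the host being assessed. The same request block appears in the other CVE-2022-4974 templates in this diff.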
diff --git a/nuclei-templates/2022/CVE-2022-4974-0a490016c0c6081bbdfdd7941a21c8af.yaml b/nuclei-templates/2022/CVE-2022-4974-0a490016c0c6081bbdfdd7941a21c8af.yaml new file mode 100644 index 0000000000..20c89d8b92 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0a490016c0c6081bbdfdd7941a21c8af.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-0a490016c0c6081bbdfdd7941a21c8af + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/bulk-edit-categories-tags/" + google-query: inurl:"/wp-content/plugins/bulk-edit-categories-tags/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,bulk-edit-categories-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-categories-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-categories-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.23') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-0a7081ed21a64792fcfa8e8d8acf8446.yaml b/nuclei-templates/2022/CVE-2022-4974-0a7081ed21a64792fcfa8e8d8acf8446.yaml new file mode 100644 index 0000000000..800ba4e84c 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0a7081ed21a64792fcfa8e8d8acf8446.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-0a7081ed21a64792fcfa8e8d8acf8446 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,giveasap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.42.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-0b7a47ebf53b4d92358fd7f837d6bb1e.yaml b/nuclei-templates/2022/CVE-2022-4974-0b7a47ebf53b4d92358fd7f837d6bb1e.yaml new file mode 100644 index 0000000000..29fa318fc4 
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-0b7a47ebf53b4d92358fd7f837d6bb1e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-0b7a47ebf53b4d92358fd7f837d6bb1e
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-coupons-bulk-editor/"
+ google-query: inurl:"/wp-content/plugins/woo-coupons-bulk-editor/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-coupons-bulk-editor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-coupons-bulk-editor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-coupons-bulk-editor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.28')
\ No newline at end of file
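Review bot: Nothing in the template says that a match is a version inference only: the request fetches `readme.txt`, reads `Stable tag` and compares it with `< 1.3.28`, and none of the three functions named in the description is exercised. A readme that is blocked, edited, or that declares a non-numeric tag yields no result, and a stale readme may produce a match on patched code. I would add a comment above `matchers-condition`, `# Version inference from readme.txt only; confirm the installed plugin version before treating a match as a finding.`, and a `remediation:` line under `info` naming the fixed plugin release (1.3.28 per the matcher). The sibling CVE-2022-4974 templates in this diff share the same structure.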
diff --git a/nuclei-templates/2022/CVE-2022-4974-0c1491d6d26301d18ac9c26473774100.yaml b/nuclei-templates/2022/CVE-2022-4974-0c1491d6d26301d18ac9c26473774100.yaml new file mode 100644 index 0000000000..976d8d9edb --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0c1491d6d26301d18ac9c26473774100.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-0c1491d6d26301d18ac9c26473774100
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/go-fetch-jobs-wp-job-manager/"
+ google-query: inurl:"/wp-content/plugins/go-fetch-jobs-wp-job-manager/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,go-fetch-jobs-wp-job-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/go-fetch-jobs-wp-job-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "go-fetch-jobs-wp-job-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.3.2')
\ No newline at end of file
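Review bot: The bound `compare_versions(version, '<= 1.7.3.2')` is inclusive, unlike the `<` bounds used for most plugins in this diff, which suggests no fixed release of go-fetch-jobs-wp-job-manager was known when the template was written, but the template does not say so. An operator reading a match therefore has no upgrade target and cannot tell whether removal is the only option. A comment on the dsl line such as `# inclusive bound: no patched release known when this template was written` would record that, if it is in fact the case. The animated-fullscreen-menu template later in this diff (`<= 2.2.7`) has the same gap.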
diff --git a/nuclei-templates/2022/CVE-2022-4974-0ca5e25de7cda95c37445fc459dbfa01.yaml b/nuclei-templates/2022/CVE-2022-4974-0ca5e25de7cda95c37445fc459dbfa01.yaml new file mode 100644 index 0000000000..5652c8d1d2 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0ca5e25de7cda95c37445fc459dbfa01.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-0ca5e25de7cda95c37445fc459dbfa01 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/restricted-content/" + google-query: inurl:"/wp-content/plugins/restricted-content/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,restricted-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-0d140eeb38b945d8858913a46c40b06c.yaml b/nuclei-templates/2022/CVE-2022-4974-0d140eeb38b945d8858913a46c40b06c.yaml new file mode 100644 index 0000000000..4fc8036da9 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-0d140eeb38b945d8858913a46c40b06c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-0d140eeb38b945d8858913a46c40b06c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/custom-codes/" + google-query: inurl:"/wp-content/plugins/custom-codes/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,custom-codes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-codes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-codes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-0d809e05a8b934a95ae95c06597b05f3.yaml b/nuclei-templates/2022/CVE-2022-4974-0d809e05a8b934a95ae95c06597b05f3.yaml new file mode 100644 index 0000000000..02352ea957 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0d809e05a8b934a95ae95c06597b05f3.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-0d809e05a8b934a95ae95c06597b05f3 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ocean-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-0e2339661545e817b8840235d57493ae.yaml b/nuclei-templates/2022/CVE-2022-4974-0e2339661545e817b8840235d57493ae.yaml new file mode 100644 index 0000000000..3f494dab06 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0e2339661545e817b8840235d57493ae.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-0e2339661545e817b8840235d57493ae + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.9.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-0ee87bccebdd4d3e78cef033412079c6.yaml b/nuclei-templates/2022/CVE-2022-4974-0ee87bccebdd4d3e78cef033412079c6.yaml new file mode 100644 index 0000000000..95bbb17e33 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-0ee87bccebdd4d3e78cef033412079c6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-0ee87bccebdd4d3e78cef033412079c6 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/radio-station/" + google-query: inurl:"/wp-content/plugins/radio-station/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,radio-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.0.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-10700509ba7fde694002e3a6d68d3e31.yaml b/nuclei-templates/2022/CVE-2022-4974-10700509ba7fde694002e3a6d68d3e31.yaml new file mode 100644 index 0000000000..783ee05df8 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-10700509ba7fde694002e3a6d68d3e31.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-10700509ba7fde694002e3a6d68d3e31 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wootrello/" + google-query: inurl:"/wp-content/plugins/wootrello/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wootrello,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wootrello/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wootrello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-14b14783f0b792d39fb5f44f0ca2d9bf.yaml b/nuclei-templates/2022/CVE-2022-4974-14b14783f0b792d39fb5f44f0ca2d9bf.yaml new file mode 100644 index 0000000000..76d2593634 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-14b14783f0b792d39fb5f44f0ca2d9bf.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-14b14783f0b792d39fb5f44f0ca2d9bf + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/animated-fullscreen-menu/" + google-query: inurl:"/wp-content/plugins/animated-fullscreen-menu/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,animated-fullscreen-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-fullscreen-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-fullscreen-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-1810de92410b9d284ddfb8d8e8243d17.yaml b/nuclei-templates/2022/CVE-2022-4974-1810de92410b9d284ddfb8d8e8243d17.yaml new file mode 100644 index 0000000000..27ed9078ac --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1810de92410b9d284ddfb8d8e8243d17.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1810de92410b9d284ddfb8d8e8243d17 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-awesome-faq/" + google-query: inurl:"/wp-content/plugins/wp-awesome-faq/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-awesome-faq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-awesome-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-awesome-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.8') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-1867603c29e8e88ea2636b886c2d93ea.yaml b/nuclei-templates/2022/CVE-2022-4974-1867603c29e8e88ea2636b886c2d93ea.yaml new file mode 100644 index 0000000000..d17cc2981c --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-1867603c29e8e88ea2636b886c2d93ea.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-1867603c29e8e88ea2636b886c2d93ea + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/url-shortify/" + google-query: inurl:"/wp-content/plugins/url-shortify/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,url-shortify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-shortify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.11') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-1895cac16f056cbe4d36fdd2f54f8726.yaml b/nuclei-templates/2022/CVE-2022-4974-1895cac16f056cbe4d36fdd2f54f8726.yaml new file mode 100644 index 0000000000..266668cca0 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1895cac16f056cbe4d36fdd2f54f8726.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1895cac16f056cbe4d36fdd2f54f8726 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/domain-mapping-system/" + google-query: inurl:"/wp-content/plugins/domain-mapping-system/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,domain-mapping-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/domain-mapping-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "domain-mapping-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-1a81b4fdfe1228173470a3b843cae7bc.yaml b/nuclei-templates/2022/CVE-2022-4974-1a81b4fdfe1228173470a3b843cae7bc.yaml new file mode 100644 index 0000000000..a6b2f56248 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-1a81b4fdfe1228173470a3b843cae7bc.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-1a81b4fdfe1228173470a3b843cae7bc + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/better-messages-wc-vendors-integration/" + google-query: inurl:"/wp-content/plugins/better-messages-wc-vendors-integration/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,better-messages-wc-vendors-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-messages-wc-vendors-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-messages-wc-vendors-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.7') \ No newline at end of file 
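Review bot: Both `version` extractors use `(?mi)Stable tag: ([0-9.]+)`, which is not anchored to the start of a line and accepts a capture made only of dots. A readme with `Stable tag: trunk` yields no `version` at all, so `compare_versions(version, '< 1.0.7')` has nothing to compare and the template presumably reports no finding for that host. I would tighten the pattern to `'(?mi)^Stable tag:\s*([0-9]+(?:\.[0-9]+)*)'`, single-quoted because `\s` and `\.` are not valid escapes inside a double-quoted YAML string, and state in `description` that a non-numeric stable tag is not evaluated. The same regex appears in every template in this diff.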
diff --git a/nuclei-templates/2022/CVE-2022-4974-1bb509cb9a2092582e8c794d0af7bac8.yaml b/nuclei-templates/2022/CVE-2022-4974-1bb509cb9a2092582e8c794d0af7bac8.yaml new file mode 100644 index 0000000000..8ec39be52b --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1bb509cb9a2092582e8c794d0af7bac8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1bb509cb9a2092582e8c794d0af7bac8 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + google-query: inurl:"/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-ecommerce-tracking-for-google-and-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-ecommerce-tracking-for-google-and-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.3') \ No newline at end of file 
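Review bot: `redirects: true` with `max-redirects: 3` lets the readme.txt request follow a redirect to a different host. The status, word and version matchers then run on that other host's response while the finding is recorded against the scanned target. Using `host-redirects: true` in place of `redirects: true` restricts redirects to the same host and keeps the evidence tied to the asset being assessed. This applies to the `http` block of every template in the diff.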
diff --git a/nuclei-templates/2022/CVE-2022-4974-1c958602b4d0a516478db98bd7c854e5.yaml b/nuclei-templates/2022/CVE-2022-4974-1c958602b4d0a516478db98bd7c854e5.yaml new file mode 100644 index 0000000000..26fbc2e2c2 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1c958602b4d0a516478db98bd7c854e5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1c958602b4d0a516478db98bd7c854e5 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/" + google-query: inurl:"/wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ether-and-erc20-tokens-woocommerce-payment-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ether-and-erc20-tokens-woocommerce-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.12.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-1d1da6356ce509687702931ab583a99d.yaml b/nuclei-templates/2022/CVE-2022-4974-1d1da6356ce509687702931ab583a99d.yaml new file mode 100644 index 0000000000..10022b8a54 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1d1da6356ce509687702931ab583a99d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1d1da6356ce509687702931ab583a99d + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rt-easy-builder-advanced-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-1ddc1a47c42a7b65ab2ec6d3e6eae422.yaml b/nuclei-templates/2022/CVE-2022-4974-1ddc1a47c42a7b65ab2ec6d3e6eae422.yaml new file mode 100644 index 0000000000..d7e255c774 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-1ddc1a47c42a7b65ab2ec6d3e6eae422.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-1ddc1a47c42a7b65ab2ec6d3e6eae422 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/bp-toolkit/" + google-query: inurl:"/wp-content/plugins/bp-toolkit/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,bp-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-215bb39cd24cfaf3c7acf4e324020e7a.yaml b/nuclei-templates/2022/CVE-2022-4974-215bb39cd24cfaf3c7acf4e324020e7a.yaml new file mode 100644 index 0000000000..6f9b58bc2e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-215bb39cd24cfaf3c7acf4e324020e7a.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-215bb39cd24cfaf3c7acf4e324020e7a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,mycred,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-216c475d2d2d13eb4a062cce63f9b4e3.yaml b/nuclei-templates/2022/CVE-2022-4974-216c475d2d2d13eb4a062cce63f9b4e3.yaml new file mode 100644 index 0000000000..7b409a677a --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-216c475d2d2d13eb4a062cce63f9b4e3.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-216c475d2d2d13eb4a062cce63f9b4e3 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/postmatic/" + google-query: inurl:"/wp-content/plugins/postmatic/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,postmatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-217390210478aa0587f5e7f241b1af34.yaml b/nuclei-templates/2022/CVE-2022-4974-217390210478aa0587f5e7f241b1af34.yaml new file mode 100644 index 0000000000..bf07c3ffac --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-217390210478aa0587f5e7f241b1af34.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-217390210478aa0587f5e7f241b1af34 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/da-reactions/" + google-query: inurl:"/wp-content/plugins/da-reactions/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,da-reactions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/da-reactions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "da-reactions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.20.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-2305d17506d2f571ffc894884b20602b.yaml b/nuclei-templates/2022/CVE-2022-4974-2305d17506d2f571ffc894884b20602b.yaml new file mode 100644 index 0000000000..9dd055fc56 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-2305d17506d2f571ffc894884b20602b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-2305d17506d2f571ffc894884b20602b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-product-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-product-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,cryptocurrency-product-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-product-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-product-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.14.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-239819ca32844a2aa6c74c8639858ccb.yaml b/nuclei-templates/2022/CVE-2022-4974-239819ca32844a2aa6c74c8639858ccb.yaml new file mode 100644 index 0000000000..f3a8cf3bb7 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-239819ca32844a2aa6c74c8639858ccb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-239819ca32844a2aa6c74c8639858ccb + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-code-snippets/" + google-query: inurl:"/wp-content/plugins/easy-code-snippets/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-23eac760e664ab18d173e4aabb9d10d7.yaml b/nuclei-templates/2022/CVE-2022-4974-23eac760e664ab18d173e4aabb9d10d7.yaml new file mode 100644 index 0000000000..16c8fa2ceb --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-23eac760e664ab18d173e4aabb9d10d7.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-23eac760e664ab18d173e4aabb9d10d7 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-es/" + google-query: inurl:"/wp-content/plugins/woocommerce-es/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-es,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-es/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-es" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-24a5e6e71d2e98ce73b85cf4a837e007.yaml b/nuclei-templates/2022/CVE-2022-4974-24a5e6e71d2e98ce73b85cf4a837e007.yaml new file mode 100644 index 0000000000..b6eddfdc3e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-24a5e6e71d2e98ce73b85cf4a837e007.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-24a5e6e71d2e98ce73b85cf4a837e007 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-tiktok-feed/" + google-query: inurl:"/wp-content/plugins/easy-tiktok-feed/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-tiktok-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-tiktok-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-tiktok-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-2551a852a2322f801f9d791245c4c110.yaml b/nuclei-templates/2022/CVE-2022-4974-2551a852a2322f801f9d791245c4c110.yaml new file mode 100644 index 0000000000..cdffa95cfd --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-2551a852a2322f801f9d791245c4c110.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-2551a852a2322f801f9d791245c4c110 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-auto-republish/" + google-query: inurl:"/wp-content/plugins/wp-auto-republish/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-auto-republish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-republish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-republish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-259d82f171df2096a44f549c37c7fa76.yaml b/nuclei-templates/2022/CVE-2022-4974-259d82f171df2096a44f549c37c7fa76.yaml new file mode 100644 index 0000000000..48dda75d3e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-259d82f171df2096a44f549c37c7fa76.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-259d82f171df2096a44f549c37c7fa76 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/" + google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotlight-social-photo-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotlight-social-photo-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.10.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-2618ea29966a00dacc3218b0191a436f.yaml b/nuclei-templates/2022/CVE-2022-4974-2618ea29966a00dacc3218b0191a436f.yaml new file mode 100644 index 0000000000..298bab26bf --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-2618ea29966a00dacc3218b0191a436f.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2618ea29966a00dacc3218b0191a436f
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/blocked-in-china/"
+ google-query: inurl:"/wp-content/plugins/blocked-in-china/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,blocked-in-china,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blocked-in-china/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blocked-in-china"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2949407f0632df90e242afb06274c269.yaml b/nuclei-templates/2022/CVE-2022-4974-2949407f0632df90e242afb06274c269.yaml
new file mode 100644
index 0000000000..277bd4486a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2949407f0632df90e242afb06274c269.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2949407f0632df90e242afb06274c269
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/more-better-reviews-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/more-better-reviews-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,more-better-reviews-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/more-better-reviews-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "more-better-reviews-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.6')
\ No newline at end of file
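Review bot: `redirects: true` lets the request leave the scanned host, so with up to three hops the readme.txt that satisfies the matchers may be served by a different site and the finding is still recorded against `{{BaseURL}}`. `host-redirects: true` in place of `redirects: true` keeps the check on the target host. The template also deserves a comment above `http:` such as `# version inference from the plugin readme only; the bundled Freemius SDK version is not inspected`, because the advisory text in `description` is about the SDK while the matcher compares the plugin's own version. Both remarks hold for every template added in this diff.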
diff --git a/nuclei-templates/2022/CVE-2022-4974-29f68acecebcb85adb5ceb0b7e8e120b.yaml b/nuclei-templates/2022/CVE-2022-4974-29f68acecebcb85adb5ceb0b7e8e120b.yaml
new file mode 100644
index 0000000000..115885e1ec
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-29f68acecebcb85adb5ceb0b7e8e120b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-29f68acecebcb85adb5ceb0b7e8e120b
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-floating-cart-lite/"
+ google-query: inurl:"/wp-content/plugins/woo-floating-cart-lite/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-floating-cart-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-floating-cart-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-floating-cart-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.6.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2a713d8b0c9843d25feff67f63352636.yaml b/nuclei-templates/2022/CVE-2022-4974-2a713d8b0c9843d25feff67f63352636.yaml
new file mode 100644
index 0000000000..6517c685ec
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2a713d8b0c9843d25feff67f63352636.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2a713d8b0c9843d25feff67f63352636
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/contact-list/"
+ google-query: inurl:"/wp-content/plugins/contact-list/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,contact-list,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-list/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-list"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.9.50')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2b078b741eed150090c50cb25d279432.yaml b/nuclei-templates/2022/CVE-2022-4974-2b078b741eed150090c50cb25d279432.yaml
new file mode 100644
index 0000000000..c7432cbe46
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2b078b741eed150090c50cb25d279432.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2b078b741eed150090c50cb25d279432
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wupo-group-attributes/"
+ google-query: inurl:"/wp-content/plugins/wupo-group-attributes/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wupo-group-attributes,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wupo-group-attributes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wupo-group-attributes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2b92f55da6ef5e2de1d6db7d28f7dc96.yaml b/nuclei-templates/2022/CVE-2022-4974-2b92f55da6ef5e2de1d6db7d28f7dc96.yaml
new file mode 100644
index 0000000000..313ee7d504
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2b92f55da6ef5e2de1d6db7d28f7dc96.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2b92f55da6ef5e2de1d6db7d28f7dc96
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/foobar-notifications-lite/"
+ google-query: inurl:"/wp-content/plugins/foobar-notifications-lite/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,foobar-notifications-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foobar-notifications-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foobar-notifications-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.15')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2d14f0f2e87749b73c8f80087aca44fd.yaml b/nuclei-templates/2022/CVE-2022-4974-2d14f0f2e87749b73c8f80087aca44fd.yaml
new file mode 100644
index 0000000000..3d36541a80
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2d14f0f2e87749b73c8f80087aca44fd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2d14f0f2e87749b73c8f80087aca44fd
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/widgets-on-pages/"
+ google-query: inurl:"/wp-content/plugins/widgets-on-pages/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,widgets-on-pages,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/widgets-on-pages/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "widgets-on-pages"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2d2331b41508cb79f0a1ea3a2e92d133.yaml b/nuclei-templates/2022/CVE-2022-4974-2d2331b41508cb79f0a1ea3a2e92d133.yaml
new file mode 100644
index 0000000000..9ce69e0423
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2d2331b41508cb79f0a1ea3a2e92d133.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2d2331b41508cb79f0a1ea3a2e92d133
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/faq-manager-with-structured-data/"
+ google-query: inurl:"/wp-content/plugins/faq-manager-with-structured-data/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,faq-manager-with-structured-data,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/faq-manager-with-structured-data/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "faq-manager-with-structured-data"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2d3075ac9da71d5c985dc0ed024b9ec4.yaml b/nuclei-templates/2022/CVE-2022-4974-2d3075ac9da71d5c985dc0ed024b9ec4.yaml
new file mode 100644
index 0000000000..c7a0d126d6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2d3075ac9da71d5c985dc0ed024b9ec4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2d3075ac9da71d5c985dc0ed024b9ec4
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-shipping-display-mode/"
+ google-query: inurl:"/wp-content/plugins/woo-shipping-display-mode/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-shipping-display-mode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-shipping-display-mode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-shipping-display-mode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.7.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2daa97f5f679394d2fafc1a07fa0e306.yaml b/nuclei-templates/2022/CVE-2022-4974-2daa97f5f679394d2fafc1a07fa0e306.yaml
new file mode 100644
index 0000000000..a8475d6201
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2daa97f5f679394d2fafc1a07fa0e306.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2daa97f5f679394d2fafc1a07fa0e306
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/better-sharing/"
+ google-query: inurl:"/wp-content/plugins/better-sharing/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,better-sharing,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/better-sharing/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "better-sharing"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2eb2ad93209e7797221e4672f0518887.yaml b/nuclei-templates/2022/CVE-2022-4974-2eb2ad93209e7797221e4672f0518887.yaml
new file mode 100644
index 0000000000..a322e4bd70
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2eb2ad93209e7797221e4672f0518887.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2eb2ad93209e7797221e4672f0518887
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/tier-pricing-table/"
+ google-query: inurl:"/wp-content/plugins/tier-pricing-table/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,tier-pricing-table,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tier-pricing-table/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tier-pricing-table"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-2f124e661550238bcf24d2f0076804d8.yaml b/nuclei-templates/2022/CVE-2022-4974-2f124e661550238bcf24d2f0076804d8.yaml
new file mode 100644
index 0000000000..3667abcbad
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-2f124e661550238bcf24d2f0076804d8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-2f124e661550238bcf24d2f0076804d8
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/food-store/"
+ google-query: inurl:"/wp-content/plugins/food-store/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,food-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/food-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "food-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-302ec96a0e557b9b3a4cbc865c7b5e86.yaml b/nuclei-templates/2022/CVE-2022-4974-302ec96a0e557b9b3a4cbc865c7b5e86.yaml
index 27efdd251d..3da530fd22 100644
--- a/nuclei-templates/2022/CVE-2022-4974-302ec96a0e557b9b3a4cbc865c7b5e86.yaml +++ b/nuclei-templates/2022/CVE-2022-4974-302ec96a0e557b9b3a4cbc865c7b5e86.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.3 cve-id: CVE-2022-4974 metadata: - fofa-query: "wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/" - google-query: inurl:"/wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/" + fofa-query: "wp-content/plugins/w3s-cf7-zoho/" + google-query: inurl:"/wp-content/plugins/w3s-cf7-zoho/" shodan-query: 'vuln:CVE-2022-4974' - tags: cve,wordpress,wp-plugin,woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers,medium + tags: cve,wordpress,wp-plugin,w3s-cf7-zoho,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/readme.txt" + - "{{BaseURL}}/wp-content/plugins/w3s-cf7-zoho/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers" + - "w3s-cf7-zoho" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4974-311b8fcdee427f1dc85e4fc30edd2313.yaml b/nuclei-templates/2022/CVE-2022-4974-311b8fcdee427f1dc85e4fc30edd2313.yaml new file mode 100644 index 0000000000..bd29d6dee4 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-311b8fcdee427f1dc85e4fc30edd2313.yaml 
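Review bot: The version bound in the `dsl` matcher is left as it was although the template now checks a different plugin; the `compare_versions(...)` line sits just past the end of the second hunk, so it cannot be verified from here. If the old bound was specific to `woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers`, the template will flag or miss `w3s-cf7-zoho` installs on the wrong version range. Please confirm the bound against the advisory entry for `w3s-cf7-zoho` and add a comment beside it, e.g. `# affected range for w3s-cf7-zoho, per the Wordfence advisory in reference`. The file name, and presumably the `id`, keeps the same hash while the target changes, so earlier results stored under that id now refer to another plugin.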
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-311b8fcdee427f1dc85e4fc30edd2313
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/alt-manager/"
+ google-query: inurl:"/wp-content/plugins/alt-manager/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,alt-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/alt-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "alt-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-322a86f28cc5049106653fa64c408640.yaml b/nuclei-templates/2022/CVE-2022-4974-322a86f28cc5049106653fa64c408640.yaml
new file mode 100644
index 0000000000..95b30b108e
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-322a86f28cc5049106653fa64c408640.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-322a86f28cc5049106653fa64c408640
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/block-styler-for-gravity-forms/"
+ google-query: inurl:"/wp-content/plugins/block-styler-for-gravity-forms/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,block-styler-for-gravity-forms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/block-styler-for-gravity-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "block-styler-for-gravity-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-323d31abc6d4119a0d2c31c24f9fc5bf.yaml b/nuclei-templates/2022/CVE-2022-4974-323d31abc6d4119a0d2c31c24f9fc5bf.yaml
new file mode 100644
index 0000000000..a0c8ee62af
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-323d31abc6d4119a0d2c31c24f9fc5bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-323d31abc6d4119a0d2c31c24f9fc5bf
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/themes/unakit/"
+ google-query: inurl:"/wp-content/themes/unakit/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-theme,unakit,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/unakit/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "unakit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-340412de430ddac89cc6028eb15c91fd.yaml b/nuclei-templates/2022/CVE-2022-4974-340412de430ddac89cc6028eb15c91fd.yaml
new file mode 100644
index 0000000000..e386b2ac46
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-340412de430ddac89cc6028eb15c91fd.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-340412de430ddac89cc6028eb15c91fd + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,add-search-to-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-34a1768c6a1ff48a67c7378fdb3cbafc.yaml b/nuclei-templates/2022/CVE-2022-4974-34a1768c6a1ff48a67c7378fdb3cbafc.yaml new file mode 100644 index 0000000000..7686971f08 --- /dev/null 
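Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, and the status and word matchers are then presumably evaluated on that host's response. A finding can therefore be attributed to a site that never served `readme.txt`, and the scan can leave its agreed scope. Using `host-redirects: true` in place of `redirects: true` keeps the follow-up requests on the scanned host. Every template in this diff carries the same two lines.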
+++ b/nuclei-templates/2022/CVE-2022-4974-34a1768c6a1ff48a67c7378fdb3cbafc.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-34a1768c6a1ff48a67c7378fdb3cbafc + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woosquare/" + google-query: inurl:"/wp-content/plugins/woosquare/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woosquare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosquare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosquare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-35c55d11556f094a1d0b553d79f21ad3.yaml b/nuclei-templates/2022/CVE-2022-4974-35c55d11556f094a1d0b553d79f21ad3.yaml new file mode 100644 index 0000000000..5e9b61665b --- /dev/null 
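Review bot: The `version` extractor accepts only digits and dots after `Stable tag:`, so a readme that declares `Stable tag: trunk` or omits the field leaves `version` unset. As far as I can tell the `dsl` matcher then fails quietly, and the site is reported as clean although its version is simply unknown. `Stable tag` is also the release the author points the plugin directory at, which can differ from the copy installed on the site. A comment above the extractors such as `# No match when Stable tag is absent or non-numeric; no finding does not mean a patched install` would document this, and it holds for the other `readme.txt` templates in this diff as well.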
+++ b/nuclei-templates/2022/CVE-2022-4974-35c55d11556f094a1d0b553d79f21ad3.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-35c55d11556f094a1d0b553d79f21ad3 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/caxton/" + google-query: inurl:"/wp-content/plugins/caxton/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,caxton,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caxton/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caxton" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.30.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-372ab22b3c23378da71b4c8a072d10b2.yaml b/nuclei-templates/2022/CVE-2022-4974-372ab22b3c23378da71b4c8a072d10b2.yaml new file mode 100644 index 0000000000..7b4dda12b7 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-372ab22b3c23378da71b4c8a072d10b2.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-372ab22b3c23378da71b4c8a072d10b2 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-paylate/" + google-query: inurl:"/wp-content/plugins/woo-paylate/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-paylate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-paylate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-paylate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-374d433f7f526aae106bc18fb712e8c6.yaml b/nuclei-templates/2022/CVE-2022-4974-374d433f7f526aae106bc18fb712e8c6.yaml new file mode 100644 index 0000000000..44fa07ff7b 
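Review bot: `compare_versions(version, '<= 1.4')` is an inclusive bound on the plugin's own version, unlike the `<` bounds in most sibling templates, which suggests no fixed release of woo-paylate was recorded when the template was produced. Any later release falls outside the range whether or not it ships a fixed SDK, so the template can stop matching without the issue being resolved. I would record that next to the matcher, e.g. `# inclusive bound: no fixed release was recorded when this template was generated; re-check on new releases`. The `<=` bounds for genealogical-tree and market-exporter in this diff carry the same caveat.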
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-374d433f7f526aae106bc18fb712e8c6.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-374d433f7f526aae106bc18fb712e8c6 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/tripetto/" + google-query: inurl:"/wp-content/plugins/tripetto/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,tripetto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tripetto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tripetto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-380c7c52cb60cf8fba6e4cde23cc55fc.yaml b/nuclei-templates/2022/CVE-2022-4974-380c7c52cb60cf8fba6e4cde23cc55fc.yaml new file mode 100644 index 0000000000..7331d7792a 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-380c7c52cb60cf8fba6e4cde23cc55fc.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-380c7c52cb60cf8fba6e4cde23cc55fc + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/music-player-for-elementor/" + google-query: inurl:"/wp-content/plugins/music-player-for-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,music-player-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/music-player-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "music-player-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3ae874fafbfc9ef2a81cbd33a387b07b.yaml b/nuclei-templates/2022/CVE-2022-4974-3ae874fafbfc9ef2a81cbd33a387b07b.yaml new file mode 100644 index 0000000000..cf798d2118 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3ae874fafbfc9ef2a81cbd33a387b07b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3ae874fafbfc9ef2a81cbd33a387b07b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/xt-woo-variation-swatches/" + google-query: inurl:"/wp-content/plugins/xt-woo-variation-swatches/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,xt-woo-variation-swatches,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xt-woo-variation-swatches/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xt-woo-variation-swatches" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3af4a5a3ade3c2454afe24c13f9c53c7.yaml b/nuclei-templates/2022/CVE-2022-4974-3af4a5a3ade3c2454afe24c13f9c53c7.yaml new file mode 100644 index 0000000000..41feb9cea0 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-3af4a5a3ade3c2454afe24c13f9c53c7.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3af4a5a3ade3c2454afe24c13f9c53c7 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/genealogical-tree/" + google-query: inurl:"/wp-content/plugins/genealogical-tree/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,genealogical-tree,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genealogical-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genealogical-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3b8f7beffc888d4f2a58eb0cf928f284.yaml b/nuclei-templates/2022/CVE-2022-4974-3b8f7beffc888d4f2a58eb0cf928f284.yaml new file mode 100644 index 0000000000..6bb7a6cd38 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3b8f7beffc888d4f2a58eb0cf928f284.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3b8f7beffc888d4f2a58eb0cf928f284 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/page-builder-sandwich/" + google-query: inurl:"/wp-content/plugins/page-builder-sandwich/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,page-builder-sandwich,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-sandwich/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-sandwich" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3c4633f862fe424b8369187e3f928793.yaml b/nuclei-templates/2022/CVE-2022-4974-3c4633f862fe424b8369187e3f928793.yaml new file mode 100644 index 0000000000..12bbcb4f23 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-3c4633f862fe424b8369187e3f928793.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3c4633f862fe424b8369187e3f928793 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-payments/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-product-payments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3c62c3ae8a7da8e8d5b8642bdd5380f1.yaml b/nuclei-templates/2022/CVE-2022-4974-3c62c3ae8a7da8e8d5b8642bdd5380f1.yaml new file mode 100644 index 0000000000..f220f79ba3 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3c62c3ae8a7da8e8d5b8642bdd5380f1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3c62c3ae8a7da8e8d5b8642bdd5380f1 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/premmerce-user-roles/" + google-query: inurl:"/wp-content/plugins/premmerce-user-roles/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,premmerce-user-roles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-user-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-user-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3e32185074374c89c7d1499ee90b8979.yaml b/nuclei-templates/2022/CVE-2022-4974-3e32185074374c89c7d1499ee90b8979.yaml new file mode 100644 index 0000000000..608ef96d46 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-3e32185074374c89c7d1499ee90b8979.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3e32185074374c89c7d1499ee90b8979 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,quick-event-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.2.17') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3ecc29bc027c0dadec1c48ed62e636d7.yaml b/nuclei-templates/2022/CVE-2022-4974-3ecc29bc027c0dadec1c48ed62e636d7.yaml new file mode 100644 index 0000000000..757d41ee4d --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3ecc29bc027c0dadec1c48ed62e636d7.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3ecc29bc027c0dadec1c48ed62e636d7 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/themes/hasium/" + google-query: inurl:"/wp-content/themes/hasium/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-theme,hasium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hasium/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hasium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3ed99eac04fc31b268b617314a702659.yaml b/nuclei-templates/2022/CVE-2022-4974-3ed99eac04fc31b268b617314a702659.yaml new file mode 100644 index 0000000000..3f4aa57c2b --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3ed99eac04fc31b268b617314a702659.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3ed99eac04fc31b268b617314a702659 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-hr-manager/" + google-query: inurl:"/wp-content/plugins/wp-hr-manager/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-hr-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hr-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hr-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3f10ebed7e003234954fceba6ae05996.yaml b/nuclei-templates/2022/CVE-2022-4974-3f10ebed7e003234954fceba6ae05996.yaml new file mode 100644 index 0000000000..1298034acc --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-3f10ebed7e003234954fceba6ae05996.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3f10ebed7e003234954fceba6ae05996 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/premmerce-search/" + google-query: inurl:"/wp-content/plugins/premmerce-search/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,premmerce-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.3') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3f5ea2ab722cbfdc5d2e887259b4e452.yaml b/nuclei-templates/2022/CVE-2022-4974-3f5ea2ab722cbfdc5d2e887259b4e452.yaml new file mode 100644 index 0000000000..74338a14fc --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3f5ea2ab722cbfdc5d2e887259b4e452.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3f5ea2ab722cbfdc5d2e887259b4e452 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/market-exporter/" + google-query: inurl:"/wp-content/plugins/market-exporter/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,market-exporter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/market-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "market-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.13') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3f69ff78ae10f21bea7c3debf8a38b35.yaml b/nuclei-templates/2022/CVE-2022-4974-3f69ff78ae10f21bea7c3debf8a38b35.yaml new file mode 100644 index 0000000000..6cdbdd5f99 --- /dev/null 
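Review bot: The `Stable tag: ([0-9.]+)` pattern in both extractors sets the `m` flag but has no `^` anchor, and it requires exactly one space after the colon. A readme that uses a tab or extra spaces, or that says `Stable tag: trunk`, yields no `version`, so the `dsl` matcher presumably never fires and a vulnerable install goes unreported. The same text appearing further down the file (a changelog line, for example) would be accepted as the version. A tighter form is `- '(?mi)^[ \t]*Stable tag:[ \t]*([0-9.]+)'`, single-quoted so the backslashes stay literal in YAML. The other readme-based templates in this diff share the pattern, and the `Version: ([0-9.]+)` pattern in the arendelle theme template has the same shape.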
+++ b/nuclei-templates/2022/CVE-2022-4974-3f69ff78ae10f21bea7c3debf8a38b35.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3f69ff78ae10f21bea7c3debf8a38b35 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/user-menus/" + google-query: inurl:"/wp-content/plugins/user-menus/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,user-menus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3f79b4d1b8da042c76de6185dfe31a0b.yaml b/nuclei-templates/2022/CVE-2022-4974-3f79b4d1b8da042c76de6185dfe31a0b.yaml new file mode 100644 index 0000000000..05b21894f2 
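Review bot: `info.name` and `info.description` are identical across all of these templates and never name the plugin whose readme is checked, so findings in a scan report can only be told apart by the hash in `id`. The `dsl` bound here, `'< 1.2.9'`, is a user-menus release number rather than an SDK version, and the description does not explain that. I would put the slug and bound in the name, e.g. `Freemius SDK <= 2.4.2 (user-menus < 1.2.9) - Missing Authorization Checks`. I would also add a sentence to the description saying the match is inferred from the plugin's readme version, not from the bundled SDK, so triage knows it needs confirmation.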
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3f79b4d1b8da042c76de6185dfe31a0b.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3f79b4d1b8da042c76de6185dfe31a0b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/uni-woo-custom-product-options/" + google-query: inurl:"/wp-content/plugins/uni-woo-custom-product-options/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,uni-woo-custom-product-options,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uni-woo-custom-product-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uni-woo-custom-product-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9.14') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-3fcec0062b369c1c7a6529cb63b38f07.yaml b/nuclei-templates/2022/CVE-2022-4974-3fcec0062b369c1c7a6529cb63b38f07.yaml new file mode 100644 index 0000000000..f411c4adcd --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-3fcec0062b369c1c7a6529cb63b38f07.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-3fcec0062b369c1c7a6529cb63b38f07 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/kk-star-ratings/" + google-query: inurl:"/wp-content/plugins/kk-star-ratings/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,kk-star-ratings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kk-star-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kk-star-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-3fe2a682b28d7fd641ff5544a3e0d08c.yaml b/nuclei-templates/2022/CVE-2022-4974-3fe2a682b28d7fd641ff5544a3e0d08c.yaml new file mode 100644 index 0000000000..2359ea823e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-3fe2a682b28d7fd641ff5544a3e0d08c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-3fe2a682b28d7fd641ff5544a3e0d08c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/livemesh-siteorigin-widgets/" + google-query: inurl:"/wp-content/plugins/livemesh-siteorigin-widgets/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,livemesh-siteorigin-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/livemesh-siteorigin-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "livemesh-siteorigin-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-43fbfa8747e9a4e71021d010e6bbc20b.yaml b/nuclei-templates/2022/CVE-2022-4974-43fbfa8747e9a4e71021d010e6bbc20b.yaml new file mode 100644 index 0000000000..0d7b68e94f --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-43fbfa8747e9a4e71021d010e6bbc20b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-43fbfa8747e9a4e71021d010e6bbc20b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/treepress/" + google-query: inurl:"/wp-content/plugins/treepress/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,treepress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/treepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "treepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.21') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-443e49502a19406251e7c33fc064817f.yaml b/nuclei-templates/2022/CVE-2022-4974-443e49502a19406251e7c33fc064817f.yaml new file mode 100644 index 0000000000..80039707c4 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-443e49502a19406251e7c33fc064817f.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-443e49502a19406251e7c33fc064817f + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/contest-code-checker/" + google-query: inurl:"/wp-content/plugins/contest-code-checker/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,contest-code-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-code-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-code-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-44aec2557792a3e87d1bf8cd2ea5f132.yaml b/nuclei-templates/2022/CVE-2022-4974-44aec2557792a3e87d1bf8cd2ea5f132.yaml new file mode 100644 index 0000000000..230c0174be --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-44aec2557792a3e87d1bf8cd2ea5f132.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-44aec2557792a3e87d1bf8cd2ea5f132 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-spid-italia/" + google-query: inurl:"/wp-content/plugins/wp-spid-italia/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-spid-italia,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-spid-italia/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-spid-italia" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-45491c27cb4ab27169741d815a6a1529.yaml b/nuclei-templates/2022/CVE-2022-4974-45491c27cb4ab27169741d815a6a1529.yaml new file mode 100644 index 0000000000..8834b12f20 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-45491c27cb4ab27169741d815a6a1529.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-45491c27cb4ab27169741d815a6a1529 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,webinar-ignition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.12') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-45a4d9b5b716af9eb5f5cf5c683a0860.yaml b/nuclei-templates/2022/CVE-2022-4974-45a4d9b5b716af9eb5f5cf5c683a0860.yaml new file mode 100644 index 0000000000..17c710f382 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-45a4d9b5b716af9eb5f5cf5c683a0860.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-45a4d9b5b716af9eb5f5cf5c683a0860 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/themes/arendelle/" + google-query: inurl:"/wp-content/themes/arendelle/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-theme,arendelle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arendelle/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arendelle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-45a9412039f4cc61b230a4f98d5fbd8b.yaml b/nuclei-templates/2022/CVE-2022-4974-45a9412039f4cc61b230a4f98d5fbd8b.yaml new file mode 100644 index 0000000000..91aad18f82 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-45a9412039f4cc61b230a4f98d5fbd8b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-45a9412039f4cc61b230a4f98d5fbd8b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/featured-images-for-rss-feeds/" + google-query: inurl:"/wp-content/plugins/featured-images-for-rss-feeds/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,featured-images-for-rss-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-images-for-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-images-for-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-45e1f624ab627da6d23267d5b9bd6d53.yaml b/nuclei-templates/2022/CVE-2022-4974-45e1f624ab627da6d23267d5b9bd6d53.yaml new file mode 100644 index 0000000000..cb38c64802 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-45e1f624ab627da6d23267d5b9bd6d53.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-45e1f624ab627da6d23267d5b9bd6d53 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-conditional-payment-gateways/" + google-query: inurl:"/wp-content/plugins/woo-conditional-payment-gateways/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-conditional-payment-gateways,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-conditional-payment-gateways/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-conditional-payment-gateways" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-4680cbd47cabde353c47e5bd896bfcd5.yaml b/nuclei-templates/2022/CVE-2022-4974-4680cbd47cabde353c47e5bd896bfcd5.yaml new file mode 100644 index 0000000000..37fb8bc6c4 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-4680cbd47cabde353c47e5bd896bfcd5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-4680cbd47cabde353c47e5bd896bfcd5 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/quick-contact-form/" + google-query: inurl:"/wp-content/plugins/quick-contact-form/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,quick-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-477841283ad4f82134b054c47a016e2c.yaml b/nuclei-templates/2022/CVE-2022-4974-477841283ad4f82134b054c47a016e2c.yaml new file mode 100644 index 0000000000..12cfde860e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-477841283ad4f82134b054c47a016e2c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-477841283ad4f82134b054c47a016e2c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easync-booking/" + google-query: inurl:"/wp-content/plugins/easync-booking/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easync-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easync-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easync-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.10') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-49da69411388bdd1adc37cfff656846f.yaml b/nuclei-templates/2022/CVE-2022-4974-49da69411388bdd1adc37cfff656846f.yaml new file mode 100644 index 0000000000..c93cf195b4 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-49da69411388bdd1adc37cfff656846f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-49da69411388bdd1adc37cfff656846f + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/buffer-my-post/" + google-query: inurl:"/wp-content/plugins/buffer-my-post/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,buffer-my-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buffer-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buffer-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2020.1.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-4b387a3ce4432676ef3cbc00c82c1662.yaml b/nuclei-templates/2022/CVE-2022-4974-4b387a3ce4432676ef3cbc00c82c1662.yaml new file mode 100644 index 0000000000..1c391c0b37 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-4b387a3ce4432676ef3cbc00c82c1662.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-4b387a3ce4432676ef3cbc00c82c1662 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ultimate-post-kit/" + google-query: inurl:"/wp-content/plugins/ultimate-post-kit/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ultimate-post-kit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-4c613eb3f9ae83b4f2727f836be94578.yaml b/nuclei-templates/2022/CVE-2022-4974-4c613eb3f9ae83b4f2727f836be94578.yaml index f1c5034754..f656d6d231 100644 --- a/nuclei-templates/2022/CVE-2022-4974-4c613eb3f9ae83b4f2727f836be94578.yaml +++ b/nuclei-templates/2022/CVE-2022-4974-4c613eb3f9ae83b4f2727f836be94578.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.3 cve-id: CVE-2022-4974 metadata: - fofa-query: "wp-content/plugins/local-delivery-drivers-for-woocommerce/" - google-query: inurl:"/wp-content/plugins/local-delivery-drivers-for-woocommerce/" + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" shodan-query: 'vuln:CVE-2022-4974' - tags: cve,wordpress,wp-plugin,local-delivery-drivers-for-woocommerce,medium + tags: cve,wordpress,wp-plugin,master-addons,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/local-delivery-drivers-for-woocommerce/readme.txt" + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "local-delivery-drivers-for-woocommerce" + - "master-addons" part: body - type: dsl diff --git a/nuclei-templates/2022/CVE-2022-4974-4cd37ef922f4569106752e0ff83cdb8d.yaml b/nuclei-templates/2022/CVE-2022-4974-4cd37ef922f4569106752e0ff83cdb8d.yaml new file mode 100644 index 0000000000..a1e1728cf1 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-4cd37ef922f4569106752e0ff83cdb8d.yaml 
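Review bot: The second hunk swaps the slug to `master-addons` but stops at `- type: dsl`, so the `compare_versions(version, ...)` bound that follows is carried over unchanged from the `local-delivery-drivers-for-woocommerce` template. Every new template in this diff carries its own plugin-specific bound, so unless both plugins happen to share the same fixed release, this one will flag patched installs or miss vulnerable ones. The bound lies outside the hunk and cannot be checked from here. Please confirm it against the advisory data for master-addons and update it in this commit if it differs.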
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-4cd37ef922f4569106752e0ff83cdb8d + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/" + google-query: inurl:"/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-google-adwords-conversion-tracking-tag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-google-adwords-conversion-tracking-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.14.3') \ No newline at end of file 
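Review bot: Nothing in the file explains how the plugin threshold in the `dsl` matcher, `'< 1.14.3'`, relates to the Freemius SDK versions 2.4.2 and 2.4.3 that `name` and `description` talk about. A comment above the matcher would record the mapping, e.g. `# 1.14.3: plugin release taken as the first to bundle Freemius SDK >= 2.4.3 (per the Wordfence advisory) - confirm`. It would also help if `description` said that the result is inferred from the readme version and that the SDK itself is not probed, so a match is triaged as likely outdated rather than confirmed. The same gap exists in the other new templates in this diff, each with its own threshold.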
diff --git a/nuclei-templates/2022/CVE-2022-4974-4e5f83c7bd3478daf6bef0b3f9cf7678.yaml b/nuclei-templates/2022/CVE-2022-4974-4e5f83c7bd3478daf6bef0b3f9cf7678.yaml new file mode 100644 index 0000000000..c3ac2a8bfe --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-4e5f83c7bd3478daf6bef0b3f9cf7678.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-4e5f83c7bd3478daf6bef0b3f9cf7678 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/security-ninja/" + google-query: inurl:"/wp-content/plugins/security-ninja/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,security-ninja,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-ninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-ninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.135') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-4ea6d28e68bcbf5d357dc84d7792878d.yaml b/nuclei-templates/2022/CVE-2022-4974-4ea6d28e68bcbf5d357dc84d7792878d.yaml new file mode 100644 index 0000000000..6bea7fb3b8 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-4ea6d28e68bcbf5d357dc84d7792878d.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-4ea6d28e68bcbf5d357dc84d7792878d + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,salon-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.6.3') \ No newline at end of file 
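Review bot: A readme whose stable tag is not numeric (for example `Stable tag: trunk`) gives the `([0-9.]+)` extractor nothing to capture. With `version` unset, the `compare_versions(version, '< 7.6.3')` matcher presumably evaluates false, and the host produces no finding at all. Anyone reading scan results needs to know that silence here does not mean the install is patched; a comment next to the extractor would say so, e.g. `# no match when Stable tag is non-numeric; absence of a finding is not evidence of a fixed SDK`. This applies equally to the other templates in this diff that share the extractor.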
diff --git a/nuclei-templates/2022/CVE-2022-4974-5002f46ec0c01e4f50815f812b5fb38b.yaml b/nuclei-templates/2022/CVE-2022-4974-5002f46ec0c01e4f50815f812b5fb38b.yaml new file mode 100644 index 0000000000..2d11ec220e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-5002f46ec0c01e4f50815f812b5fb38b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-5002f46ec0c01e4f50815f812b5fb38b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-50ac6bab4bf86e99a238a23bb34e8470.yaml b/nuclei-templates/2022/CVE-2022-4974-50ac6bab4bf86e99a238a23bb34e8470.yaml new file mode 100644 index 0000000000..0453c25aea --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-50ac6bab4bf86e99a238a23bb34e8470.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-50ac6bab4bf86e99a238a23bb34e8470 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/license-manager-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/license-manager-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/license-manager-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "license-manager-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file 
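Review bot: The `word` matcher requires the literal slug `license-manager-for-woocommerce` in the response body, yet the slug is already fixed by the request path and a readme is not obliged to contain it. Readme headings use the display name, and word matching is case-sensitive unless `case-insensitive: true` is set. Where the slug is absent the `and` condition fails and an outdated install goes unreported. Matching on the marker the extractor depends on anyway, `- "Stable tag:"`, would confirm that the 200 response is a plugin readme rather than a soft-404 page without relying on the slug. The other new templates in this diff use the same slug-as-word pattern.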
diff --git a/nuclei-templates/2022/CVE-2022-4974-52175b197baa0172caf15f98a7b00acb.yaml b/nuclei-templates/2022/CVE-2022-4974-52175b197baa0172caf15f98a7b00acb.yaml new file mode 100644 index 0000000000..79c4fdbe4a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-52175b197baa0172caf15f98a7b00acb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-52175b197baa0172caf15f98a7b00acb + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/premmerce-woocommerce-variation-swatches/" + google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-variation-swatches/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,premmerce-woocommerce-variation-swatches,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-variation-swatches/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-woocommerce-variation-swatches" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file 
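Review bot: `name: >` and `description: >` use the clipping folded style, so both values carry a trailing newline that may surface in scan output and exported reports. `name: >-` and `description: >-` strip it, and for the one-line name a quoted scalar reads better still: `name: "Freemius SDK <= 2.4.2 - Missing Authorization Checks"`. The file also ends without a final newline, as the `\ No newline at end of file` marker shows. Both points hold for the other new templates in this diff.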
diff --git a/nuclei-templates/2022/CVE-2022-4974-557dfeac01daa0367c681069c19d386e.yaml b/nuclei-templates/2022/CVE-2022-4974-557dfeac01daa0367c681069c19d386e.yaml new file mode 100644 index 0000000000..d35ae2348a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-557dfeac01daa0367c681069c19d386e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-557dfeac01daa0367c681069c19d386e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/sky-login-redirect/" + google-query: inurl:"/wp-content/plugins/sky-login-redirect/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,sky-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sky-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sky-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-55f680b19c54ab6bce8cf10264034daf.yaml b/nuclei-templates/2022/CVE-2022-4974-55f680b19c54ab6bce8cf10264034daf.yaml new file mode 100644 index 0000000000..c9d1299fba --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-55f680b19c54ab6bce8cf10264034daf.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-55f680b19c54ab6bce8cf10264034daf + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/advanced-nocaptcha-recaptcha/" + google-query: inurl:"/wp-content/plugins/advanced-nocaptcha-recaptcha/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-nocaptcha-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-nocaptcha-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-56c5091c455160be18221523f1cd3372.yaml b/nuclei-templates/2022/CVE-2022-4974-56c5091c455160be18221523f1cd3372.yaml new file mode 100644 index 0000000000..27de79e6a9 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-56c5091c455160be18221523f1cd3372.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-56c5091c455160be18221523f1cd3372 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-country-restrictions-advanced/" + google-query: inurl:"/wp-content/plugins/woo-country-restrictions-advanced/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-country-restrictions-advanced,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-country-restrictions-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-country-restrictions-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-56e2dc4eee0d06592eeffb6883777dc8.yaml b/nuclei-templates/2022/CVE-2022-4974-56e2dc4eee0d06592eeffb6883777dc8.yaml new file mode 100644 index 0000000000..5b68fce557 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-56e2dc4eee0d06592eeffb6883777dc8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-56e2dc4eee0d06592eeffb6883777dc8 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/surbma-gdpr-proof-google-analytics/" + google-query: inurl:"/wp-content/plugins/surbma-gdpr-proof-google-analytics/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surbma-gdpr-proof-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surbma-gdpr-proof-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 17.5.3') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-57a9edaed661bdb0228f355d7457cb63.yaml b/nuclei-templates/2022/CVE-2022-4974-57a9edaed661bdb0228f355d7457cb63.yaml new file mode 100644 index 0000000000..69bba795da --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-57a9edaed661bdb0228f355d7457cb63.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-57a9edaed661bdb0228f355d7457cb63 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-twilio-core/" + google-query: inurl:"/wp-content/plugins/wp-twilio-core/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-twilio-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-twilio-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-twilio-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-58e905a5dd75e8ae7eb7d21f278efb0a.yaml b/nuclei-templates/2022/CVE-2022-4974-58e905a5dd75e8ae7eb7d21f278efb0a.yaml new file mode 100644 index 0000000000..59e6477a68 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-58e905a5dd75e8ae7eb7d21f278efb0a.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-58e905a5dd75e8ae7eb7d21f278efb0a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/tk-google-fonts/" + google-query: inurl:"/wp-content/plugins/tk-google-fonts/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,tk-google-fonts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tk-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tk-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-591a73985178c1cb1d120ae69d8b9166.yaml b/nuclei-templates/2022/CVE-2022-4974-591a73985178c1cb1d120ae69d8b9166.yaml new file mode 100644 index 0000000000..18c4d6ad46 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-591a73985178c1cb1d120ae69d8b9166.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-591a73985178c1cb1d120ae69d8b9166 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/booking-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booking-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,booking-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-5989797b3de4a7d046b22faa41f147a5.yaml b/nuclei-templates/2022/CVE-2022-4974-5989797b3de4a7d046b22faa41f147a5.yaml new file mode 100644 index 0000000000..86b68a75c6 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-5989797b3de4a7d046b22faa41f147a5.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-5989797b3de4a7d046b22faa41f147a5 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/socialmark/" + google-query: inurl:"/wp-content/plugins/socialmark/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,socialmark,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/socialmark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "socialmark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-59fc1a3e53c48965dc4568f48343bfa0.yaml b/nuclei-templates/2022/CVE-2022-4974-59fc1a3e53c48965dc4568f48343bfa0.yaml new file mode 100644 index 0000000000..2504de4b92 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-59fc1a3e53c48965dc4568f48343bfa0.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-59fc1a3e53c48965dc4568f48343bfa0 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/anywhere-elementor/" + google-query: inurl:"/wp-content/plugins/anywhere-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,anywhere-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anywhere-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anywhere-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-5a2a056b7fe9aafc3adb25a9f0222b53.yaml b/nuclei-templates/2022/CVE-2022-4974-5a2a056b7fe9aafc3adb25a9f0222b53.yaml new file mode 100644 index 0000000000..773effcf79 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-5a2a056b7fe9aafc3adb25a9f0222b53.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5a2a056b7fe9aafc3adb25a9f0222b53
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-page-visit-counter/"
+ google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-page-visit-counter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 6.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5bd5aa842bdc4d50b077cba9da1f3c12.yaml b/nuclei-templates/2022/CVE-2022-4974-5bd5aa842bdc4d50b077cba9da1f3c12.yaml
new file mode 100644
index 0000000000..0cbb45ceec
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5bd5aa842bdc4d50b077cba9da1f3c12.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5bd5aa842bdc4d50b077cba9da1f3c12
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/racar-clear-cart-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/racar-clear-cart-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,racar-clear-cart-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/racar-clear-cart-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "racar-clear-cart-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5bf5e671fb2278381a3736f8024df530.yaml b/nuclei-templates/2022/CVE-2022-4974-5bf5e671fb2278381a3736f8024df530.yaml
new file mode 100644
index 0000000000..26e9abda15
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5bf5e671fb2278381a3736f8024df530.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5bf5e671fb2278381a3736f8024df530
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/comments-not-replied-to/"
+ google-query: inurl:"/wp-content/plugins/comments-not-replied-to/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,comments-not-replied-to,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/comments-not-replied-to/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "comments-not-replied-to"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.5.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5cc567a7492b2b29b3f4507033311eae.yaml b/nuclei-templates/2022/CVE-2022-4974-5cc567a7492b2b29b3f4507033311eae.yaml
new file mode 100644
index 0000000000..123254deb5
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5cc567a7492b2b29b3f4507033311eae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5cc567a7492b2b29b3f4507033311eae
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce-woocommerce-product-filter/"
+ google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-product-filter/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-product-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce-woocommerce-product-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5cf3f201cde62bf45d59bc176ab9cc3d.yaml b/nuclei-templates/2022/CVE-2022-4974-5cf3f201cde62bf45d59bc176ab9cc3d.yaml
new file mode 100644
index 0000000000..cc86b89799
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5cf3f201cde62bf45d59bc176ab9cc3d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5cf3f201cde62bf45d59bc176ab9cc3d
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wpgsi/"
+ google-query: inurl:"/wp-content/plugins/wpgsi/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wpgsi,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpgsi/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpgsi"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5d4488b9db9bb4611c2338a6cac99266.yaml b/nuclei-templates/2022/CVE-2022-4974-5d4488b9db9bb4611c2338a6cac99266.yaml
new file mode 100644
index 0000000000..b78fbf66a8
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5d4488b9db9bb4611c2338a6cac99266.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5d4488b9db9bb4611c2338a6cac99266
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/simply-gallery-block/"
+ google-query: inurl:"/wp-content/plugins/simply-gallery-block/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,simply-gallery-block,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simply-gallery-block/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simply-gallery-block"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.3.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5e6eec4b8bfc9d3fcde2c69dd6d9fea7.yaml b/nuclei-templates/2022/CVE-2022-4974-5e6eec4b8bfc9d3fcde2c69dd6d9fea7.yaml
new file mode 100644
index 0000000000..5b40dc12a2
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5e6eec4b8bfc9d3fcde2c69dd6d9fea7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5e6eec4b8bfc9d3fcde2c69dd6d9fea7
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/ga-for-wp/"
+ google-query: inurl:"/wp-content/plugins/ga-for-wp/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,ga-for-wp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ga-for-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ga-for-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-5f5d0f52c1d912f42f77906eaf762cdd.yaml b/nuclei-templates/2022/CVE-2022-4974-5f5d0f52c1d912f42f77906eaf762cdd.yaml
new file mode 100644
index 0000000000..64a60321cd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-5f5d0f52c1d912f42f77906eaf762cdd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-5f5d0f52c1d912f42f77906eaf762cdd
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/acf-for-woocommerce-product/"
+ google-query: inurl:"/wp-content/plugins/acf-for-woocommerce-product/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,acf-for-woocommerce-product,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/acf-for-woocommerce-product/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "acf-for-woocommerce-product"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-61101efc2d7f7fd1ee67b6e13c19a0ae.yaml b/nuclei-templates/2022/CVE-2022-4974-61101efc2d7f7fd1ee67b6e13c19a0ae.yaml
new file mode 100644
index 0000000000..15cd5f7580
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-61101efc2d7f7fd1ee67b6e13c19a0ae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-61101efc2d7f7fd1ee67b6e13c19a0ae
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/3d-viewer/"
+ google-query: inurl:"/wp-content/plugins/3d-viewer/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,3d-viewer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/3d-viewer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "3d-viewer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-629b8d4e32b4e6eb161d5c0a0fdbe3a5.yaml b/nuclei-templates/2022/CVE-2022-4974-629b8d4e32b4e6eb161d5c0a0fdbe3a5.yaml
new file mode 100644
index 0000000000..382e338e57
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-629b8d4e32b4e6eb161d5c0a0fdbe3a5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-629b8d4e32b4e6eb161d5c0a0fdbe3a5
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/menu-image/"
+ google-query: inurl:"/wp-content/plugins/menu-image/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,menu-image,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/menu-image/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "menu-image"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-63182aa3dc368cf7b64bf23f104fe780.yaml b/nuclei-templates/2022/CVE-2022-4974-63182aa3dc368cf7b64bf23f104fe780.yaml
new file mode 100644
index 0000000000..8d4b7e2c25
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-63182aa3dc368cf7b64bf23f104fe780.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-63182aa3dc368cf7b64bf23f104fe780
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/themes/everse/"
+ google-query: inurl:"/wp-content/themes/everse/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-theme,everse,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/everse/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "everse"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.8.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-652d413099fa1ed831ce69ce05dde5bb.yaml b/nuclei-templates/2022/CVE-2022-4974-652d413099fa1ed831ce69ce05dde5bb.yaml
new file mode 100644
index 0000000000..f218c37d55
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-652d413099fa1ed831ce69ce05dde5bb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-652d413099fa1ed831ce69ce05dde5bb
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-tools-gravity-forms-divi-module/"
+ google-query: inurl:"/wp-content/plugins/wp-tools-gravity-forms-divi-module/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-tools-gravity-forms-divi-module,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-tools-gravity-forms-divi-module/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-tools-gravity-forms-divi-module"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 6.6.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-655d97570ea628043ab035e07f870988.yaml b/nuclei-templates/2022/CVE-2022-4974-655d97570ea628043ab035e07f870988.yaml
new file mode 100644
index 0000000000..09c2f8e1c6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-655d97570ea628043ab035e07f870988.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-655d97570ea628043ab035e07f870988
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/drag-and-drop-form-builder-for-contact-form-7/"
+ google-query: inurl:"/wp-content/plugins/drag-and-drop-form-builder-for-contact-form-7/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,drag-and-drop-form-builder-for-contact-form-7,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/drag-and-drop-form-builder-for-contact-form-7/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "drag-and-drop-form-builder-for-contact-form-7"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6766ff6522a5e30c3da92032444e1841.yaml b/nuclei-templates/2022/CVE-2022-4974-6766ff6522a5e30c3da92032444e1841.yaml
new file mode 100644
index 0000000000..5d66325bbd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6766ff6522a5e30c3da92032444e1841.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6766ff6522a5e30c3da92032444e1841
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/better-robots-txt/"
+ google-query: inurl:"/wp-content/plugins/better-robots-txt/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,better-robots-txt,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/better-robots-txt/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "better-robots-txt"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6798529d3eeac07ca163820294ba1442.yaml b/nuclei-templates/2022/CVE-2022-4974-6798529d3eeac07ca163820294ba1442.yaml
new file mode 100644
index 0000000000..67d2b7430c
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6798529d3eeac07ca163820294ba1442.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6798529d3eeac07ca163820294ba1442
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/code-manager/"
+ google-query: inurl:"/wp-content/plugins/code-manager/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,code-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/code-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "code-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.14')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-68cd6426c896e9f5e930c0b83732591a.yaml b/nuclei-templates/2022/CVE-2022-4974-68cd6426c896e9f5e930c0b83732591a.yaml
new file mode 100644
index 0000000000..67c6863dfe
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-68cd6426c896e9f5e930c0b83732591a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-68cd6426c896e9f5e930c0b83732591a
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wptools-masonry-gallery-posts-for-divi/"
+ google-query: inurl:"/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wptools-masonry-gallery-posts-for-divi,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wptools-masonry-gallery-posts-for-divi"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.1.2')
\ No newline at end of file
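Review bot: `redirects: true` follows redirects to any host, so the status, word and version matchers can end up evaluating a readme.txt served by a different site than the one being assessed, and the finding is then recorded against the wrong asset. Limiting the request to same-host redirects avoids that: replace the line with `host-redirects: true` and keep `max-redirects: 3`. The other templates added in this commit share the same request block.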
diff --git a/nuclei-templates/2022/CVE-2022-4974-6b3162c73e4b5012cf965e76d34bf5d3.yaml b/nuclei-templates/2022/CVE-2022-4974-6b3162c73e4b5012cf965e76d34bf5d3.yaml
new file mode 100644
index 0000000000..271418312a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6b3162c73e4b5012cf965e76d34bf5d3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6b3162c73e4b5012cf965e76d34bf5d3
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/embed-office-viewer/"
+ google-query: inurl:"/wp-content/plugins/embed-office-viewer/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,embed-office-viewer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/embed-office-viewer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "embed-office-viewer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6bb10a2cff031f9e246decea142d5efb.yaml b/nuclei-templates/2022/CVE-2022-4974-6bb10a2cff031f9e246decea142d5efb.yaml
new file mode 100644
index 0000000000..46dfb86c80
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6bb10a2cff031f9e246decea142d5efb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6bb10a2cff031f9e246decea142d5efb
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/starfish-reviews/"
+ google-query: inurl:"/wp-content/plugins/starfish-reviews/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,starfish-reviews,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/starfish-reviews/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "starfish-reviews"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.0.26')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6c0fa46386393b85d0ad0c373ab077eb.yaml b/nuclei-templates/2022/CVE-2022-4974-6c0fa46386393b85d0ad0c373ab077eb.yaml
new file mode 100644
index 0000000000..7f3a806d28
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6c0fa46386393b85d0ad0c373ab077eb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6c0fa46386393b85d0ad0c373ab077eb
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/display-admin-page-on-frontend/"
+ google-query: inurl:"/wp-content/plugins/display-admin-page-on-frontend/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,display-admin-page-on-frontend,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/display-admin-page-on-frontend/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "display-admin-page-on-frontend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.17.0.4')
\ No newline at end of file
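Review bot: `name` is the same string in every CVE-2022-4974 template in this commit, so scan output and tickets cannot show which plugin produced a hit without decoding the hashed `id` or the tags. Naming the affected component and fixed version in the title would make triage direct, e.g. `display-admin-page-on-frontend < 1.17.0.4 - Freemius SDK <= 2.4.2 Missing Authorization Checks`. The two `version` extractors are also identical apart from `internal: true`; a comment such as `# internal copy feeds the dsl matcher, the second copy prints the version in results` above them would explain why both are kept.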
diff --git a/nuclei-templates/2022/CVE-2022-4974-6c574efa4ff5ca03835b112134700152.yaml b/nuclei-templates/2022/CVE-2022-4974-6c574efa4ff5ca03835b112134700152.yaml
new file mode 100644
index 0000000000..a1a4eab2be
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6c574efa4ff5ca03835b112134700152.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6c574efa4ff5ca03835b112134700152
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/tag-groups/"
+ google-query: inurl:"/wp-content/plugins/tag-groups/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,tag-groups,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tag-groups/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tag-groups"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.43.10.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6c7c8bd2082996d17a437c2bfbdb62d9.yaml b/nuclei-templates/2022/CVE-2022-4974-6c7c8bd2082996d17a437c2bfbdb62d9.yaml
new file mode 100644
index 0000000000..40e08670f7
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6c7c8bd2082996d17a437c2bfbdb62d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6c7c8bd2082996d17a437c2bfbdb62d9
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/commenting-feature/"
+ google-query: inurl:"/wp-content/plugins/commenting-feature/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,commenting-feature,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/commenting-feature/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "commenting-feature"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-6ddbfaf6ae455ff11f465d5f18aa45af.yaml b/nuclei-templates/2022/CVE-2022-4974-6ddbfaf6ae455ff11f465d5f18aa45af.yaml
new file mode 100644
index 0000000000..dc41c64da9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6ddbfaf6ae455ff11f465d5f18aa45af.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6ddbfaf6ae455ff11f465d5f18aa45af
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-conditional-product-fees-for-checkout/"
+ google-query: inurl:"/wp-content/plugins/woo-conditional-product-fees-for-checkout/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-conditional-product-fees-for-checkout,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-conditional-product-fees-for-checkout/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-conditional-product-fees-for-checkout"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.8.2')
\ No newline at end of file
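Review bot: The extractor pattern `(?mi)Stable tag: ([0-9.]+)` turns on multiline mode but has no `^`, and it demands exactly one space after the colon. It can therefore take the phrase from anywhere in the body, and it misses a readme that pads the field with extra spaces or a tab; either way the value handed to `compare_versions` is wrong or absent. I would anchor and relax it in both extractors: `- '(?mi)^Stable tag:\s*([0-9.]+)'`, written in single quotes so the backslash stays literal in YAML. The other templates in this commit use the same pattern.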
diff --git a/nuclei-templates/2022/CVE-2022-4974-6ea51ea0d3a1d93e2c17e97220b99e93.yaml b/nuclei-templates/2022/CVE-2022-4974-6ea51ea0d3a1d93e2c17e97220b99e93.yaml
new file mode 100644
index 0000000000..4420bead1b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-6ea51ea0d3a1d93e2c17e97220b99e93.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-6ea51ea0d3a1d93e2c17e97220b99e93
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/rocket-maintenance-mode/"
+ google-query: inurl:"/wp-content/plugins/rocket-maintenance-mode/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rocket-maintenance-mode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rocket-maintenance-mode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-70aa8951e88b965f63c547d1efbf5aa1.yaml b/nuclei-templates/2022/CVE-2022-4974-70aa8951e88b965f63c547d1efbf5aa1.yaml
new file mode 100644
index 0000000000..85fa942682
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-70aa8951e88b965f63c547d1efbf5aa1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-70aa8951e88b965f63c547d1efbf5aa1
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-fiscalita-italiana/"
+ google-query: inurl:"/wp-content/plugins/woo-fiscalita-italiana/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-fiscalita-italiana,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-fiscalita-italiana/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-fiscalita-italiana"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.23')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-72200d559569cba8b6724905cd9bb407.yaml b/nuclei-templates/2022/CVE-2022-4974-72200d559569cba8b6724905cd9bb407.yaml
new file mode 100644
index 0000000000..af88c8170c
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-72200d559569cba8b6724905cd9bb407.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-72200d559569cba8b6724905cd9bb407
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/streamcast/"
+ google-query: inurl:"/wp-content/plugins/streamcast/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,streamcast,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/streamcast/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "streamcast"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-73f2ef47a4a033e513b4be87514a7b44.yaml b/nuclei-templates/2022/CVE-2022-4974-73f2ef47a4a033e513b4be87514a7b44.yaml
new file mode 100644
index 0000000000..75db3ad27a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-73f2ef47a4a033e513b4be87514a7b44.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-73f2ef47a4a033e513b4be87514a7b44
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-top-news/"
+ google-query: inurl:"/wp-content/plugins/wp-top-news/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-top-news,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-top-news/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-top-news"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7432a77d4c1c3077ef09a2e4d1d36085.yaml b/nuclei-templates/2022/CVE-2022-4974-7432a77d4c1c3077ef09a2e4d1d36085.yaml
new file mode 100644
index 0000000000..a3b9f244b4
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7432a77d4c1c3077ef09a2e4d1d36085.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7432a77d4c1c3077ef09a2e4d1d36085
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-stripe-donation/"
+ google-query: inurl:"/wp-content/plugins/wp-stripe-donation/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-stripe-donation,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-stripe-donation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-stripe-donation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-745af06788681b3da19b9f6b65266f2d.yaml b/nuclei-templates/2022/CVE-2022-4974-745af06788681b3da19b9f6b65266f2d.yaml
new file mode 100644
index 0000000000..1ce6cb96c9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-745af06788681b3da19b9f6b65266f2d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-745af06788681b3da19b9f6b65266f2d
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/super-video-player/"
+ google-query: inurl:"/wp-content/plugins/super-video-player/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,super-video-player,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/super-video-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "super-video-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.6.11')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-745da3e639d95189c7ba042546318857.yaml b/nuclei-templates/2022/CVE-2022-4974-745da3e639d95189c7ba042546318857.yaml
new file mode 100644
index 0000000000..b8ed8e3a8f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-745da3e639d95189c7ba042546318857.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-745da3e639d95189c7ba042546318857
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/foogallery/"
+ google-query: inurl:"/wp-content/plugins/foogallery/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,foogallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foogallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.34')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-74b8d4f2f6ba80e0494d302182025133.yaml b/nuclei-templates/2022/CVE-2022-4974-74b8d4f2f6ba80e0494d302182025133.yaml
new file mode 100644
index 0000000000..54a08361c9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-74b8d4f2f6ba80e0494d302182025133.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-74b8d4f2f6ba80e0494d302182025133
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/gutenslider/"
+ google-query: inurl:"/wp-content/plugins/gutenslider/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,gutenslider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gutenslider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gutenslider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-74e2a83b772831903b0530d589ca857b.yaml b/nuclei-templates/2022/CVE-2022-4974-74e2a83b772831903b0530d589ca857b.yaml
new file mode 100644
index 0000000000..d5be97b111
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-74e2a83b772831903b0530d589ca857b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-74e2a83b772831903b0530d589ca857b
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/"
+ google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fuse-social-floating-sidebar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fuse-social-floating-sidebar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.4.3')
\ No newline at end of file
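Review bot: `redirects: true` in the `http` block lets the request follow a redirect to a different host, so the readme.txt that is matched may not belong to the scanned target and the finding would be attributed to the wrong asset. Restricting this to same-host redirects keeps the result tied to the target: `host-redirects: true` in place of `redirects: true`, with `max-redirects: 3` kept. The other templates added in this diff use the same request block.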
diff --git a/nuclei-templates/2022/CVE-2022-4974-77234f9697666f42cc0c66c3b672df6f.yaml b/nuclei-templates/2022/CVE-2022-4974-77234f9697666f42cc0c66c3b672df6f.yaml
new file mode 100644
index 0000000000..37f676ad90
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-77234f9697666f42cc0c66c3b672df6f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-77234f9697666f42cc0c66c3b672df6f
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/rest-routes/"
+ google-query: inurl:"/wp-content/plugins/rest-routes/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,rest-routes,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rest-routes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rest-routes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.24.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-79aa5136a37bea95a658fc3adbe7ce9d.yaml b/nuclei-templates/2022/CVE-2022-4974-79aa5136a37bea95a658fc3adbe7ce9d.yaml
new file mode 100644
index 0000000000..82c5d46ef6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-79aa5136a37bea95a658fc3adbe7ce9d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-79aa5136a37bea95a658fc3adbe7ce9d
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-coupon-usage/"
+ google-query: inurl:"/wp-content/plugins/woo-coupon-usage/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-coupon-usage"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.16.4')
\ No newline at end of file
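Review bot: `name: >` and `description: >` in the `info` block use the folded style with default chomping, so the parsed `name` ends with a newline that can leak into report output and finding titles. Since the name is one short line, a quoted scalar is simpler: `name: "Freemius SDK <= 2.4.2 - Missing Authorization Checks"`, and `description: >-` strips the trailing newline there. The other templates added in this diff are written the same way.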
diff --git a/nuclei-templates/2022/CVE-2022-4974-7a68656798ab71366e7db678e3e32356.yaml b/nuclei-templates/2022/CVE-2022-4974-7a68656798ab71366e7db678e3e32356.yaml
new file mode 100644
index 0000000000..a62591f0c1
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7a68656798ab71366e7db678e3e32356.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7a68656798ab71366e7db678e3e32356
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/abeta-punchout/"
+ google-query: inurl:"/wp-content/plugins/abeta-punchout/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,abeta-punchout,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/abeta-punchout/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "abeta-punchout"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7abf4dbada973cc427d0089d48d9c041.yaml b/nuclei-templates/2022/CVE-2022-4974-7abf4dbada973cc427d0089d48d9c041.yaml
new file mode 100644
index 0000000000..2ce6196159
--- /dev/null
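Review bot: The bound in `compare_versions(version, '<= 0.4')` of the abeta-punchout template is inclusive, while the sibling templates in this diff use an exclusive bound at a fixed release (for example `'< 5.4.3'`); this suggests that no patched abeta-punchout release was known when the template was written, but the file does not say so. A reader triaging a hit cannot tell whether updating the plugin is an available remediation. A comment above the matcher would settle it, e.g. `# no fixed release known; 0.4 is the last affected version`, to be confirmed against the Wordfence entry listed under `reference`.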
+++ b/nuclei-templates/2022/CVE-2022-4974-7abf4dbada973cc427d0089d48d9c041.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7abf4dbada973cc427d0089d48d9c041
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/five-star-ratings-shortcode/"
+ google-query: inurl:"/wp-content/plugins/five-star-ratings-shortcode/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,five-star-ratings-shortcode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/five-star-ratings-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "five-star-ratings-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.39')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7b1dc86d75e975a655a129431742ed45.yaml b/nuclei-templates/2022/CVE-2022-4974-7b1dc86d75e975a655a129431742ed45.yaml
new file mode 100644
index 0000000000..a6df01e6f8
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7b1dc86d75e975a655a129431742ed45.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7b1dc86d75e975a655a129431742ed45
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/login-customizer/"
+ google-query: inurl:"/wp-content/plugins/login-customizer/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,login-customizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/login-customizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "login-customizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7b7745fd8b0350f8f5c62f8c0fb9e698.yaml b/nuclei-templates/2022/CVE-2022-4974-7b7745fd8b0350f8f5c62f8c0fb9e698.yaml
new file mode 100644
index 0000000000..059d6b1dbf
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7b7745fd8b0350f8f5c62f8c0fb9e698.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7b7745fd8b0350f8f5c62f8c0fb9e698
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-bulk-edit-products/"
+ google-query: inurl:"/wp-content/plugins/woo-bulk-edit-products/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-bulk-edit-products,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-bulk-edit-products/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-bulk-edit-products"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.13')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7ca92745158001f94dd6b04fcf08e0a7.yaml b/nuclei-templates/2022/CVE-2022-4974-7ca92745158001f94dd6b04fcf08e0a7.yaml
new file mode 100644
index 0000000000..257bd65cd0
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7ca92745158001f94dd6b04fcf08e0a7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7ca92745158001f94dd6b04fcf08e0a7
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/delete-duplicate-posts/"
+ google-query: inurl:"/wp-content/plugins/delete-duplicate-posts/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,delete-duplicate-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/delete-duplicate-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "delete-duplicate-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.7.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-7e42ce01e563f0a56b8a6641a1c06056.yaml b/nuclei-templates/2022/CVE-2022-4974-7e42ce01e563f0a56b8a6641a1c06056.yaml
new file mode 100644
index 0000000000..03f47d72bd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-7e42ce01e563f0a56b8a6641a1c06056.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-7e42ce01e563f0a56b8a6641a1c06056
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/royal-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "royal-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.33')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-80a7de1e0d3c99a25261851a366ce867.yaml b/nuclei-templates/2022/CVE-2022-4974-80a7de1e0d3c99a25261851a366ce867.yaml
new file mode 100644
index 0000000000..d98f3b4f32
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-80a7de1e0d3c99a25261851a366ce867.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-80a7de1e0d3c99a25261851a366ce867
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woowgallery/"
+ google-query: inurl:"/wp-content/plugins/woowgallery/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woowgallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woowgallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woowgallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-80f57b8c869a4a20e1bd3c2f14d69576.yaml b/nuclei-templates/2022/CVE-2022-4974-80f57b8c869a4a20e1bd3c2f14d69576.yaml
new file mode 100644
index 0000000000..c3a0458bea
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-80f57b8c869a4a20e1bd3c2f14d69576.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-80f57b8c869a4a20e1bd3c2f14d69576
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/cartpops/"
+ google-query: inurl:"/wp-content/plugins/cartpops/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,cartpops,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cartpops/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cartpops"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.17')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8273571b74d40ea3c31ff54a9e8e4f2a.yaml b/nuclei-templates/2022/CVE-2022-4974-8273571b74d40ea3c31ff54a9e8e4f2a.yaml
new file mode 100644
index 0000000000..a2bf2498cd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8273571b74d40ea3c31ff54a9e8e4f2a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8273571b74d40ea3c31ff54a9e8e4f2a
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/ethpress/"
+ google-query: inurl:"/wp-content/plugins/ethpress/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,ethpress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ethpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ethpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-833b10d6da67aa79d387735989f25a32.yaml b/nuclei-templates/2022/CVE-2022-4974-833b10d6da67aa79d387735989f25a32.yaml
new file mode 100644
index 0000000000..e47fff8d41
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-833b10d6da67aa79d387735989f25a32.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-833b10d6da67aa79d387735989f25a32
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/activitytime/"
+ google-query: inurl:"/wp-content/plugins/activitytime/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,activitytime,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/activitytime/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "activitytime"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8481b3bab657a969f5b60ffb5c74c4cd.yaml b/nuclei-templates/2022/CVE-2022-4974-8481b3bab657a969f5b60ffb5c74c4cd.yaml
new file mode 100644
index 0000000000..a64c4f74c6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8481b3bab657a969f5b60ffb5c74c4cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8481b3bab657a969f5b60ffb5c74c4cd
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/widget-for-eventbrite-api/"
+ google-query: inurl:"/wp-content/plugins/widget-for-eventbrite-api/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,widget-for-eventbrite-api,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/widget-for-eventbrite-api/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "widget-for-eventbrite-api"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-855a4425e1bfc21145e598a6b643aeed.yaml b/nuclei-templates/2022/CVE-2022-4974-855a4425e1bfc21145e598a6b643aeed.yaml
new file mode 100644
index 0000000000..8e53d47dc7
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-855a4425e1bfc21145e598a6b643aeed.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-855a4425e1bfc21145e598a6b643aeed
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-customers-order-history/"
+ google-query: inurl:"/wp-content/plugins/woo-customers-order-history/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-customers-order-history,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-customers-order-history/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-customers-order-history"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 5.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8568a4ce174019aa9b94a65a3ec678d6.yaml b/nuclei-templates/2022/CVE-2022-4974-8568a4ce174019aa9b94a65a3ec678d6.yaml
new file mode 100644
index 0000000000..50d7f1a01d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8568a4ce174019aa9b94a65a3ec678d6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8568a4ce174019aa9b94a65a3ec678d6
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/basepress/"
+ google-query: inurl:"/wp-content/plugins/basepress/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,basepress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/basepress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "basepress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.15.14')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8608719a3361ef10ac5020264208dba3.yaml b/nuclei-templates/2022/CVE-2022-4974-8608719a3361ef10ac5020264208dba3.yaml
new file mode 100644
index 0000000000..f10cf0a91f
--- /dev/null
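Review bot: The version pattern `(?mi)Stable tag: ([0-9.]+)`, used by both `version` extractors, accepts exactly one space after the colon and is not anchored to the start of a line, so a readme.txt that pads the field with a tab or extra spaces yields no `version` value. The `compare_versions(version, '< 2.15.14')` matcher then presumably evaluates false and an outdated install is reported as clean. A more tolerant form that stays valid inside the double-quoted YAML string is `"(?mi)^Stable tag:[ \t]*([0-9.]+)"`. The same pattern appears in every template this commit adds, so the change applies to all of them.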
+++ b/nuclei-templates/2022/CVE-2022-4974-8608719a3361ef10ac5020264208dba3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8608719a3361ef10ac5020264208dba3
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/magic-post-thumbnail/"
+ google-query: inurl:"/wp-content/plugins/magic-post-thumbnail/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,magic-post-thumbnail,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/magic-post-thumbnail/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "magic-post-thumbnail"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.3.11')
\ No newline at end of file
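Review bot: The `word` matcher requires the directory slug `magic-post-thumbnail` to appear in the body of readme.txt, but a WordPress readme is headed by the plugin's display name and need not contain the slug at all. Under `matchers-condition: and`, a readme without the slug makes the whole template fail, so an installed and outdated plugin can go unreported. The request path already pins the plugin, so matching a readme field instead, for example `- "Stable tag"`, would still filter soft-404 pages without depending on the slug. The other templates in this commit use the same slug matcher.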
diff --git a/nuclei-templates/2022/CVE-2022-4974-870bc4470df9aef00e037a06833ba9b7.yaml b/nuclei-templates/2022/CVE-2022-4974-870bc4470df9aef00e037a06833ba9b7.yaml
new file mode 100644
index 0000000000..703e59842d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-870bc4470df9aef00e037a06833ba9b7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-870bc4470df9aef00e037a06833ba9b7
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/change-wc-price-title/"
+ google-query: inurl:"/wp-content/plugins/change-wc-price-title/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,change-wc-price-title,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/change-wc-price-title/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "change-wc-price-title"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-875e297becc929552376b681eb0f6bef.yaml b/nuclei-templates/2022/CVE-2022-4974-875e297becc929552376b681eb0f6bef.yaml
new file mode 100644
index 0000000000..13b22e9a29
--- /dev/null
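Review bot: Missing documentation: `info.name` reads `Freemius SDK <= 2.4.2`, while the matcher `compare_versions(version, '<= 2.5')` tests the host plugin's own Stable tag, and nothing in the template says how the two relate. Every template in this commit carries the same name and description, so a finding cannot be triaged from the info block alone. The bound here is also inclusive, which suggests no fixed release was known when it was written; the postcode-redirect template further down does the same with `'<= 4.4.1'`. I would add a comment above the dsl matcher, `# plugin release bound for change-wc-price-title; the bundled SDK version is not checked directly`, and state in `description` that the result is inferred from readme.txt and should be confirmed on the host.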
+++ b/nuclei-templates/2022/CVE-2022-4974-875e297becc929552376b681eb0f6bef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-875e297becc929552376b681eb0f6bef
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
+ google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bdthemes-prime-slider-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-87b18ea05b8147fef7d632cf33ff89c6.yaml b/nuclei-templates/2022/CVE-2022-4974-87b18ea05b8147fef7d632cf33ff89c6.yaml
new file mode 100644
index 0000000000..d9541da1e6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-87b18ea05b8147fef7d632cf33ff89c6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-87b18ea05b8147fef7d632cf33ff89c6
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/easy-under-construction/"
+ google-query: inurl:"/wp-content/plugins/easy-under-construction/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,easy-under-construction,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-under-construction/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-under-construction"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-899c764ee1e1018364a0620ec38aa86d.yaml b/nuclei-templates/2022/CVE-2022-4974-899c764ee1e1018364a0620ec38aa86d.yaml
new file mode 100644
index 0000000000..5286388e3b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-899c764ee1e1018364a0620ec38aa86d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-899c764ee1e1018364a0620ec38aa86d
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-products-widgets-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/woo-products-widgets-for-elementor/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-products-widgets-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-products-widgets-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8ac01c0a8e80a489ad39b444454306fd.yaml b/nuclei-templates/2022/CVE-2022-4974-8ac01c0a8e80a489ad39b444454306fd.yaml
new file mode 100644
index 0000000000..486686efdd
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8ac01c0a8e80a489ad39b444454306fd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8ac01c0a8e80a489ad39b444454306fd
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/setka-editor/"
+ google-query: inurl:"/wp-content/plugins/setka-editor/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,setka-editor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/setka-editor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "setka-editor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1.17')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8ae389bb36c025a1eb7545aa6a45c3d6.yaml b/nuclei-templates/2022/CVE-2022-4974-8ae389bb36c025a1eb7545aa6a45c3d6.yaml
new file mode 100644
index 0000000000..7e1b07ca9c
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8ae389bb36c025a1eb7545aa6a45c3d6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8ae389bb36c025a1eb7545aa6a45c3d6
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-wholesale-pricing/"
+ google-query: inurl:"/wp-content/plugins/woo-wholesale-pricing/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-wholesale-pricing,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-wholesale-pricing/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-wholesale-pricing"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8bcf0403da71d586e0e15d6051979d24.yaml b/nuclei-templates/2022/CVE-2022-4974-8bcf0403da71d586e0e15d6051979d24.yaml
new file mode 100644
index 0000000000..bc5fb22e5b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8bcf0403da71d586e0e15d6051979d24.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8bcf0403da71d586e0e15d6051979d24
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/bulk-image-alt-text-with-yoast/"
+ google-query: inurl:"/wp-content/plugins/bulk-image-alt-text-with-yoast/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,bulk-image-alt-text-with-yoast,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bulk-image-alt-text-with-yoast/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bulk-image-alt-text-with-yoast"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8bd2005b76a7b3b9a4a12b459d0e3cf5.yaml b/nuclei-templates/2022/CVE-2022-4974-8bd2005b76a7b3b9a4a12b459d0e3cf5.yaml
new file mode 100644
index 0000000000..ab1c9f702e
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8bd2005b76a7b3b9a4a12b459d0e3cf5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8bd2005b76a7b3b9a4a12b459d0e3cf5
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/ethereumico/"
+ google-query: inurl:"/wp-content/plugins/ethereumico/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,ethereumico,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ethereumico/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ethereumico"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.3.11')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8ce62c9a29dcc031d4f086c2f6793117.yaml b/nuclei-templates/2022/CVE-2022-4974-8ce62c9a29dcc031d4f086c2f6793117.yaml
new file mode 100644
index 0000000000..874b7313c1
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8ce62c9a29dcc031d4f086c2f6793117.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8ce62c9a29dcc031d4f086c2f6793117
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wc-thanks-redirect/"
+ google-query: inurl:"/wp-content/plugins/wc-thanks-redirect/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wc-thanks-redirect,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-thanks-redirect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-thanks-redirect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8e9772a80d30d1eff0bfeb3f8d7e7d2e.yaml b/nuclei-templates/2022/CVE-2022-4974-8e9772a80d30d1eff0bfeb3f8d7e7d2e.yaml
new file mode 100644
index 0000000000..3409aab8c5
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8e9772a80d30d1eff0bfeb3f8d7e7d2e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8e9772a80d30d1eff0bfeb3f8d7e7d2e
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-munich-blocks/"
+ google-query: inurl:"/wp-content/plugins/wp-munich-blocks/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-munich-blocks,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-munich-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-munich-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 0.11.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8ee080d13f6088733aae8dbe92352c90.yaml b/nuclei-templates/2022/CVE-2022-4974-8ee080d13f6088733aae8dbe92352c90.yaml
new file mode 100644
index 0000000000..c8489aef58
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8ee080d13f6088733aae8dbe92352c90.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8ee080d13f6088733aae8dbe92352c90
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/tablesome/"
+ google-query: inurl:"/wp-content/plugins/tablesome/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,tablesome,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tablesome/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tablesome"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 0.6.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8f1c8f92a592d12303517ca8b071559b.yaml b/nuclei-templates/2022/CVE-2022-4974-8f1c8f92a592d12303517ca8b071559b.yaml
new file mode 100644
index 0000000000..e252e42ee3
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8f1c8f92a592d12303517ca8b071559b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8f1c8f92a592d12303517ca8b071559b
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce-woocommerce-brands/"
+ google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-brands/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,premmerce-woocommerce-brands,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-brands/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce-woocommerce-brands"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.2.12')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8f5a7d62367b65844c0a6c9e246fc7f4.yaml b/nuclei-templates/2022/CVE-2022-4974-8f5a7d62367b65844c0a6c9e246fc7f4.yaml
new file mode 100644
index 0000000000..acf2c6e8f0
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8f5a7d62367b65844c0a6c9e246fc7f4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8f5a7d62367b65844c0a6c9e246fc7f4
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/front-end-pm/"
+ google-query: inurl:"/wp-content/plugins/front-end-pm/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,front-end-pm,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/front-end-pm/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "front-end-pm"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 11.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-8fce0528958fb8f6fccd77f326340662.yaml b/nuclei-templates/2022/CVE-2022-4974-8fce0528958fb8f6fccd77f326340662.yaml
new file mode 100644
index 0000000000..7c89592a05
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-8fce0528958fb8f6fccd77f326340662.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-8fce0528958fb8f6fccd77f326340662
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/postcode-redirect/"
+ google-query: inurl:"/wp-content/plugins/postcode-redirect/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,postcode-redirect,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/postcode-redirect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "postcode-redirect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-91745fbc2f99a79d620f30598c4e31ee.yaml b/nuclei-templates/2022/CVE-2022-4974-91745fbc2f99a79d620f30598c4e31ee.yaml
new file mode 100644
index 0000000000..966b144660
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-91745fbc2f99a79d620f30598c4e31ee.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-91745fbc2f99a79d620f30598c4e31ee + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/" + google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/final-tiles-grid-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "final-tiles-grid-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-924d15d04cb96f235de08559de786ec9.yaml b/nuclei-templates/2022/CVE-2022-4974-924d15d04cb96f235de08559de786ec9.yaml new file mode 100644 index 0000000000..82bcbca198 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-924d15d04cb96f235de08559de786ec9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-924d15d04cb96f235de08559de786ec9 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-data-access/" + google-query: inurl:"/wp-content/plugins/wp-data-access/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-data-access,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-data-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-data-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9259c6b6a62e15184debbbcdbd3cfa05.yaml b/nuclei-templates/2022/CVE-2022-4974-9259c6b6a62e15184debbbcdbd3cfa05.yaml new file mode 100644 index 0000000000..ad27b80931 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-9259c6b6a62e15184debbbcdbd3cfa05.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9259c6b6a62e15184debbbcdbd3cfa05 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,blocksy-companion,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.20') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-930affc0db99b77d080b8bfe096cf385.yaml b/nuclei-templates/2022/CVE-2022-4974-930affc0db99b77d080b8bfe096cf385.yaml new file mode 100644 index 0000000000..a3b3af2b7c --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-930affc0db99b77d080b8bfe096cf385.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-930affc0db99b77d080b8bfe096cf385 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/post-carousel-divi/" + google-query: inurl:"/wp-content/plugins/post-carousel-divi/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,post-carousel-divi,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-carousel-divi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-carousel-divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-937516397afa375d2f5ddf5a77caf0aa.yaml b/nuclei-templates/2022/CVE-2022-4974-937516397afa375d2f5ddf5a77caf0aa.yaml new file mode 100644 index 0000000000..b95b44890e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-937516397afa375d2f5ddf5a77caf0aa.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-937516397afa375d2f5ddf5a77caf0aa + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocustomizer/" + google-query: inurl:"/wp-content/plugins/woocustomizer/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocustomizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocustomizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocustomizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.8') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-94052c67f87a8fb3b3dd691fa17a4240.yaml b/nuclei-templates/2022/CVE-2022-4974-94052c67f87a8fb3b3dd691fa17a4240.yaml new file mode 100644 index 0000000000..2dee541fec --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-94052c67f87a8fb3b3dd691fa17a4240.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-94052c67f87a8fb3b3dd691fa17a4240 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-fail2ban/" + google-query: inurl:"/wp-content/plugins/wp-fail2ban/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-fail2ban,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fail2ban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fail2ban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.0.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9437ebb08533440a4a517ccdbbdd6db9.yaml b/nuclei-templates/2022/CVE-2022-4974-9437ebb08533440a4a517ccdbbdd6db9.yaml new file mode 100644 index 0000000000..5ec6925d7c --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-9437ebb08533440a4a517ccdbbdd6db9.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9437ebb08533440a4a517ccdbbdd6db9 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/themes/villar/" + google-query: inurl:"/wp-content/themes/villar/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-theme,villar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/villar/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "villar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-964617702e2b96f8bca7557db05c5ddb.yaml b/nuclei-templates/2022/CVE-2022-4974-964617702e2b96f8bca7557db05c5ddb.yaml new file mode 100644 index 0000000000..e34a1b87e9 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-964617702e2b96f8bca7557db05c5ddb.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-964617702e2b96f8bca7557db05c5ddb + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/really-simple-featured-video/" + google-query: inurl:"/wp-content/plugins/really-simple-featured-video/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,really-simple-featured-video,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/really-simple-featured-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "really-simple-featured-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-966209cca3fbb6fcfc658f4c03ba1e45.yaml b/nuclei-templates/2022/CVE-2022-4974-966209cca3fbb6fcfc658f4c03ba1e45.yaml new file mode 100644 index 0000000000..d2185c26e8 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-966209cca3fbb6fcfc658f4c03ba1e45.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-966209cca3fbb6fcfc658f4c03ba1e45 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-seo-addon/" + google-query: inurl:"/wp-content/plugins/woo-seo-addon/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-seo-addon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-seo-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-seo-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-97903fd12adac2e7fecf9b1a8cfe90ee.yaml b/nuclei-templates/2022/CVE-2022-4974-97903fd12adac2e7fecf9b1a8cfe90ee.yaml new file mode 100644 index 0000000000..419c4e8b95 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-97903fd12adac2e7fecf9b1a8cfe90ee.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-97903fd12adac2e7fecf9b1a8cfe90ee + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-97beb63807fc72788d04265fadaca504.yaml b/nuclei-templates/2022/CVE-2022-4974-97beb63807fc72788d04265fadaca504.yaml new file mode 100644 index 0000000000..ae68c3a6c8 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-97beb63807fc72788d04265fadaca504.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-97beb63807fc72788d04265fadaca504 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-smooth-scroll-links/" + google-query: inurl:"/wp-content/plugins/easy-smooth-scroll-links/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-smooth-scroll-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-smooth-scroll-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-smooth-scroll-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.23.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9881678a2d2de60719fb0ea57bb80721.yaml b/nuclei-templates/2022/CVE-2022-4974-9881678a2d2de60719fb0ea57bb80721.yaml new file mode 100644 index 0000000000..3260ac583c --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-9881678a2d2de60719fb0ea57bb80721.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9881678a2d2de60719fb0ea57bb80721 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-store-toolkit/" + google-query: inurl:"/wp-content/plugins/woocommerce-store-toolkit/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-store-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-store-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-98d1d1d50b632d7c4337c29dceb6d46b.yaml b/nuclei-templates/2022/CVE-2022-4974-98d1d1d50b632d7c4337c29dceb6d46b.yaml new file mode 100644 index 0000000000..ce3b5e959b --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-98d1d1d50b632d7c4337c29dceb6d46b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-98d1d1d50b632d7c4337c29dceb6d46b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/hm-multiple-roles/" + google-query: inurl:"/wp-content/plugins/hm-multiple-roles/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,hm-multiple-roles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hm-multiple-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hm-multiple-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-99027283f28cb97671c074567a1b2f8f.yaml b/nuclei-templates/2022/CVE-2022-4974-99027283f28cb97671c074567a1b2f8f.yaml new file mode 100644 index 0000000000..4082e4c4f2 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-99027283f28cb97671c074567a1b2f8f.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-99027283f28cb97671c074567a1b2f8f + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/fast-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/fast-checkout-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,fast-checkout-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.17') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-9b00946cecf86df325b41b4cfee2e583.yaml b/nuclei-templates/2022/CVE-2022-4974-9b00946cecf86df325b41b4cfee2e583.yaml new file mode 100644 index 0000000000..6d93c6c938 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-9b00946cecf86df325b41b4cfee2e583.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-9b00946cecf86df325b41b4cfee2e583 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/restrict-user-access/" + google-query: inurl:"/wp-content/plugins/restrict-user-access/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,restrict-user-access,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-user-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-user-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9b9dbf1d1ce80ac7e8ab963c9464324b.yaml b/nuclei-templates/2022/CVE-2022-4974-9b9dbf1d1ce80ac7e8ab963c9464324b.yaml new file mode 100644 index 0000000000..9be3f22b74 --- /dev/null 
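Review bot: `redirects: true` with `max-redirects: 3` lets the readme.txt request follow a redirect to a different host, and that host's response is then what the status, word and version matchers evaluate. Restricting redirects to the same host keeps the result attributable to the scanned target: replace `redirects: true` with `host-redirects: true` and keep `max-redirects: 3`. The same request block is repeated in every template in this diff.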
+++ b/nuclei-templates/2022/CVE-2022-4974-9b9dbf1d1ce80ac7e8ab963c9464324b.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9b9dbf1d1ce80ac7e8ab963c9464324b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/iks-menu/" + google-query: inurl:"/wp-content/plugins/iks-menu/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,iks-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iks-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iks-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9cfdfd09a3bd9441c3d8577e9d6c46af.yaml b/nuclei-templates/2022/CVE-2022-4974-9cfdfd09a3bd9441c3d8577e9d6c46af.yaml new file mode 100644 index 0000000000..9fa17cd572 --- /dev/null 
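Review bot: `name` and `description` carry only the generic SDK advisory text, which is identical in every CVE-2022-4974 template in this diff, so a reported finding does not say which plugin or which plugin release it concerns. Only `tags`, the request path and the DSL bound hold that information. Naming the plugin and its bound would make results triageable without opening the file, e.g. `Freemius SDK <= 2.4.2 (iks-menu < 1.9.2) - Missing Authorization Checks`.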
+++ b/nuclei-templates/2022/CVE-2022-4974-9cfdfd09a3bd9441c3d8577e9d6c46af.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9cfdfd09a3bd9441c3d8577e9d6c46af + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/" + google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-with-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-with-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file 
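Review bot: `name: >` and `description: >` are clip-folded scalars, so both values end in a newline that appears in anything that prints or indexes the template name; `name: >-` and `description: >-` strip it. The file also ends without a trailing newline (`\ No newline at end of file`), as do the other templates in this diff. Both are layout points only and do not change what the template matches.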
diff --git a/nuclei-templates/2022/CVE-2022-4974-9d42083dd7e27e834221cece099fac6c.yaml b/nuclei-templates/2022/CVE-2022-4974-9d42083dd7e27e834221cece099fac6c.yaml
new file mode 100644
index 0000000000..6b0a976a31
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-9d42083dd7e27e834221cece099fac6c.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-9d42083dd7e27e834221cece099fac6c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-or-embed-articulate-content-into-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3000000016') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-9d8348380f610c22d33b2847c2e73118.yaml b/nuclei-templates/2022/CVE-2022-4974-9d8348380f610c22d33b2847c2e73118.yaml
new file mode 100644
index 0000000000..cb895f1166
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-9d8348380f610c22d33b2847c2e73118.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-9d8348380f610c22d33b2847c2e73118 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-travel-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.8') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-9eb305a44990dd6e4a5d75b16b7bd61b.yaml b/nuclei-templates/2022/CVE-2022-4974-9eb305a44990dd6e4a5d75b16b7bd61b.yaml new file mode 100644 index 0000000000..4084f4cc9c --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-9eb305a44990dd6e4a5d75b16b7bd61b.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-9eb305a44990dd6e4a5d75b16b7bd61b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-offers/" + google-query: inurl:"/wp-content/plugins/wp-offers/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-offers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-offers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-offers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-a58848eb01e7aa2f16bcd69a0e06d3d8.yaml b/nuclei-templates/2022/CVE-2022-4974-a58848eb01e7aa2f16bcd69a0e06d3d8.yaml new file mode 100644 index 0000000000..b242a59814 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-a58848eb01e7aa2f16bcd69a0e06d3d8.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-a58848eb01e7aa2f16bcd69a0e06d3d8 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-pay-per-post/" + google-query: inurl:"/wp-content/plugins/woocommerce-pay-per-post/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-pay-per-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pay-per-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pay-per-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-a5bf426b857f067d06872775b8a448b8.yaml b/nuclei-templates/2022/CVE-2022-4974-a5bf426b857f067d06872775b8a448b8.yaml
new file mode 100644
index 0000000000..5095637f64
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-a5bf426b857f067d06872775b8a448b8.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-a5bf426b857f067d06872775b8a448b8 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-ukrposhta/" + google-query: inurl:"/wp-content/plugins/woo-ukrposhta/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-ukrposhta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-ukrposhta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-ukrposhta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.18') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-a5fe2f4fc3324db66fa083ea69ac3d51.yaml b/nuclei-templates/2022/CVE-2022-4974-a5fe2f4fc3324db66fa083ea69ac3d51.yaml new file mode 100644 index 0000000000..0114a9d60a --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-a5fe2f4fc3324db66fa083ea69ac3d51.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-a5fe2f4fc3324db66fa083ea69ac3d51 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/" + google-query: inurl:"/wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.24.13') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-a66c7e6959a7abce65c996aee3c71858.yaml b/nuclei-templates/2022/CVE-2022-4974-a66c7e6959a7abce65c996aee3c71858.yaml
new file mode 100644
index 0000000000..7cf6507e1a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-a66c7e6959a7abce65c996aee3c71858.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-a66c7e6959a7abce65c996aee3c71858 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wc-product-customer-list/" + google-query: inurl:"/wp-content/plugins/wc-product-customer-list/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wc-product-customer-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-product-customer-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-product-customer-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-a6e59a125d4aadd9e851624c1430a819.yaml b/nuclei-templates/2022/CVE-2022-4974-a6e59a125d4aadd9e851624c1430a819.yaml new file mode 100644 index 0000000000..86e2b4506e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-a6e59a125d4aadd9e851624c1430a819.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-a6e59a125d4aadd9e851624c1430a819 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,bp-better-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.9.170') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-a8d16495714fcf3b5272f8f26f431c3a.yaml b/nuclei-templates/2022/CVE-2022-4974-a8d16495714fcf3b5272f8f26f431c3a.yaml
new file mode 100644
index 0000000000..2b6ae523ca
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-a8d16495714fcf3b5272f8f26f431c3a.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-a8d16495714fcf3b5272f8f26f431c3a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/interactive-geo-maps/" + google-query: inurl:"/wp-content/plugins/interactive-geo-maps/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,interactive-geo-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-geo-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-geo-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-a91e0dab20bbce724ba06b9d0084cbcf.yaml b/nuclei-templates/2022/CVE-2022-4974-a91e0dab20bbce724ba06b9d0084cbcf.yaml new file mode 100644 index 0000000000..7b3de20c93 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-a91e0dab20bbce724ba06b9d0084cbcf.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-a91e0dab20bbce724ba06b9d0084cbcf + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/accessibility-checker/" + google-query: inurl:"/wp-content/plugins/accessibility-checker/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,accessibility-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessibility-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessibility-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-aa1314f41df7c31526426a9a2c90f5ad.yaml b/nuclei-templates/2022/CVE-2022-4974-aa1314f41df7c31526426a9a2c90f5ad.yaml
new file mode 100644
index 0000000000..9873c1964f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-aa1314f41df7c31526426a9a2c90f5ad.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-aa1314f41df7c31526426a9a2c90f5ad + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/shared-files/" + google-query: inurl:"/wp-content/plugins/shared-files/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,shared-files,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shared-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shared-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.72') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ab127023580fa75ffe2172e0718bdd9a.yaml b/nuclei-templates/2022/CVE-2022-4974-ab127023580fa75ffe2172e0718bdd9a.yaml new file mode 100644 index 0000000000..d2c0f23416 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-ab127023580fa75ffe2172e0718bdd9a.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ab127023580fa75ffe2172e0718bdd9a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ssl-zen/" + google-query: inurl:"/wp-content/plugins/ssl-zen/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ssl-zen,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ssl-zen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ssl-zen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ab575f35d407af39b3ea0594ee2bc257.yaml b/nuclei-templates/2022/CVE-2022-4974-ab575f35d407af39b3ea0594ee2bc257.yaml new file mode 100644 index 0000000000..38ca83c7e9 --- /dev/null 
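Review bot: The bound in `compare_versions(version, '<= 4.0.4')` is inclusive, while most templates in this diff use an exclusive `<` against what looks like the first fixed release, and nothing in the file says why. If 4.0.4 was simply the latest release when the template was written and no fix was known (an assumption, not visible here), later releases are silently treated as unaffected. A comment above the DSL line would record the intent, e.g. `# no fixed release known when written; re-check upper bound`. The wp-structured-data-schema template (`<= 4.0.1`) uses the same inclusive bound.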
+++ b/nuclei-templates/2022/CVE-2022-4974-ab575f35d407af39b3ea0594ee2bc257.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ab575f35d407af39b3ea0594ee2bc257 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/addons-for-beaver-builder/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,addons-for-beaver-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-aca73e2d796f357e194b8a2b7ca82980.yaml b/nuclei-templates/2022/CVE-2022-4974-aca73e2d796f357e194b8a2b7ca82980.yaml
new file mode 100644
index 0000000000..cb4402e35e
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-aca73e2d796f357e194b8a2b7ca82980.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-aca73e2d796f357e194b8a2b7ca82980 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/simple-feature-requests/" + google-query: inurl:"/wp-content/plugins/simple-feature-requests/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,simple-feature-requests,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-feature-requests/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-feature-requests" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ad6d4eb5656fb2456f40ee077876c73f.yaml b/nuclei-templates/2022/CVE-2022-4974-ad6d4eb5656fb2456f40ee077876c73f.yaml new file mode 100644 index 0000000000..ce87f411f1 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-ad6d4eb5656fb2456f40ee077876c73f.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ad6d4eb5656fb2456f40ee077876c73f + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-structured-data-schema/" + google-query: inurl:"/wp-content/plugins/wp-structured-data-schema/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-structured-data-schema,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-structured-data-schema/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-structured-data-schema" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file 
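Review bot: The `info` block has no `remediation` field, and the `'<= 4.0.1'` bound in the dsl matcher, unlike the `<` bounds in most sibling templates, suggests that no fixed release of this plugin was known when the template was generated. Someone who gets a match has no stated next step. I would add `remediation: Update to a plugin release that bundles Freemius SDK 2.4.3 or later, or remove the plugin if none exists.` under `description`; the 2.4.3 figure comes from the description itself. The dancepress-trwa template further down uses the same `<=` form, and the other templates in this diff also lack `remediation`.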
diff --git a/nuclei-templates/2022/CVE-2022-4974-ae6476461be319aaccada90332153205.yaml b/nuclei-templates/2022/CVE-2022-4974-ae6476461be319aaccada90332153205.yaml
new file mode 100644
index 0000000000..37d33d38c0
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-ae6476461be319aaccada90332153205.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ae6476461be319aaccada90332153205 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-post-views-count/" + google-query: inurl:"/wp-content/plugins/easy-post-views-count/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-post-views-count,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-aea75890bb6a8f3e6ff46a140182634a.yaml b/nuclei-templates/2022/CVE-2022-4974-aea75890bb6a8f3e6ff46a140182634a.yaml new file mode 100644 index 0000000000..f226851fcf --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-aea75890bb6a8f3e6ff46a140182634a.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-aea75890bb6a8f3e6ff46a140182634a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.0') \ No newline at end of file 
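Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, so the `Stable tag` that is extracted and compared may come from a server other than the one being assessed. For an inventory check of this kind the finding should be attributable to the target itself; replacing that line with `host-redirects: true` keeps redirects on the same host. The other templates added in this diff share the same request block.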
diff --git a/nuclei-templates/2022/CVE-2022-4974-af2bcc66229bf5bd6c08d48a24366221.yaml b/nuclei-templates/2022/CVE-2022-4974-af2bcc66229bf5bd6c08d48a24366221.yaml
new file mode 100644
index 0000000000..d81cc03a23
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-af2bcc66229bf5bd6c08d48a24366221.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-af2bcc66229bf5bd6c08d48a24366221 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/share-this-image/" + google-query: inurl:"/wp-content/plugins/share-this-image/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,share-this-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-this-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-this-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.67') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-af4da2466dc14ae25bcb87f3af47f35c.yaml b/nuclei-templates/2022/CVE-2022-4974-af4da2466dc14ae25bcb87f3af47f35c.yaml new file mode 100644 index 0000000000..a171cf7a2b --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-af4da2466dc14ae25bcb87f3af47f35c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-af4da2466dc14ae25bcb87f3af47f35c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-school-calendar-lite/" + google-query: inurl:"/wp-content/plugins/wp-school-calendar-lite/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-school-calendar-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-school-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-school-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6') \ No newline at end of file 
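Review bot: The two `regex` extractors under `extractors` are identical except for `internal: true`, and nothing says why both are needed. Presumably the internal one supplies `version` to the dsl matcher and the second only prints the value in the result. A short comment on each, e.g. `# internal: feeds compare_versions below` and `# reported in scan output`, would stop a later cleanup from deleting one of them and silently breaking the version check. The same pair appears in every template in this diff.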
diff --git a/nuclei-templates/2022/CVE-2022-4974-b301e06b5394f13942c93a763ac7eb0e.yaml b/nuclei-templates/2022/CVE-2022-4974-b301e06b5394f13942c93a763ac7eb0e.yaml
new file mode 100644
index 0000000000..221abf7590
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-b301e06b5394f13942c93a763ac7eb0e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-b301e06b5394f13942c93a763ac7eb0e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/delicious-recipes/" + google-query: inurl:"/wp-content/plugins/delicious-recipes/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,delicious-recipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delicious-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delicious-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-b49dafa9501f406e94b1c544d3cb4ee0.yaml b/nuclei-templates/2022/CVE-2022-4974-b49dafa9501f406e94b1c544d3cb4ee0.yaml new file mode 100644 index 0000000000..76f24f44cb --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-b49dafa9501f406e94b1c544d3cb4ee0.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-b49dafa9501f406e94b1c544d3cb4ee0 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-conference-schedule/" + google-query: inurl:"/wp-content/plugins/wp-conference-schedule/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-conference-schedule,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-conference-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-conference-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-b512f026d3855496ea2689ec8ef647f5.yaml b/nuclei-templates/2022/CVE-2022-4974-b512f026d3855496ea2689ec8ef647f5.yaml
new file mode 100644
index 0000000000..8d6fa930af
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-b512f026d3855496ea2689ec8ef647f5.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-b512f026d3855496ea2689ec8ef647f5 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-add-to-quote/" + google-query: inurl:"/wp-content/plugins/woo-add-to-quote/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-add-to-quote,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-add-to-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-add-to-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-b5fc62c7251a65243a3fd75688000904.yaml b/nuclei-templates/2022/CVE-2022-4974-b5fc62c7251a65243a3fd75688000904.yaml new file mode 100644 index 0000000000..649d8bd679 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-b5fc62c7251a65243a3fd75688000904.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-b5fc62c7251a65243a3fd75688000904 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,the-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.14.0.4') \ No newline at end of file 
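Review bot: The `word` matcher requires the literal slug `the-events-calendar` in the readme body, case-sensitively, and a readme may not mention its own slug, in which case an affected install would go unreported. The request path already pins the plugin and the `version` extractor already requires a `Stable tag:` line, so I would either drop this matcher or add `case-insensitive: true` to it. It is also worth confirming that `compare_versions` orders the four-part bound `5.14.0.4` as intended, since the other templates in this diff use shorter versions. The slug matcher is the same in all of them.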
diff --git a/nuclei-templates/2022/CVE-2022-4974-b6aa9eb9d2e2d294e649c12aa7c09049.yaml b/nuclei-templates/2022/CVE-2022-4974-b6aa9eb9d2e2d294e649c12aa7c09049.yaml
new file mode 100644
index 0000000000..3d27a40619
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-b6aa9eb9d2e2d294e649c12aa7c09049.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-b6aa9eb9d2e2d294e649c12aa7c09049 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/dancepress-trwa/" + google-query: inurl:"/wp-content/plugins/dancepress-trwa/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,dancepress-trwa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dancepress-trwa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dancepress-trwa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-b9f4f69c2688f8137305ca3c005a2325.yaml b/nuclei-templates/2022/CVE-2022-4974-b9f4f69c2688f8137305ca3c005a2325.yaml new file mode 100644 index 0000000000..e4ee30cdf0 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-b9f4f69c2688f8137305ca3c005a2325.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-b9f4f69c2688f8137305ca3c005a2325 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-coupons-and-deals/" + google-query: inurl:"/wp-content/plugins/wp-coupons-and-deals/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-coupons-and-deals,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coupons-and-deals/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coupons-and-deals" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.12') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-bad4498553da6b92c943d518c8027fc0.yaml b/nuclei-templates/2022/CVE-2022-4974-bad4498553da6b92c943d518c8027fc0.yaml
new file mode 100644
index 0000000000..0ed8fbc6ac
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-bad4498553da6b92c943d518c8027fc0.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-bad4498553da6b92c943d518c8027fc0 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/xt-woo-quick-view-lite/" + google-query: inurl:"/wp-content/plugins/xt-woo-quick-view-lite/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,xt-woo-quick-view-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xt-woo-quick-view-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xt-woo-quick-view-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-bb0201c4ab3b083718394749026d45d0.yaml b/nuclei-templates/2022/CVE-2022-4974-bb0201c4ab3b083718394749026d45d0.yaml new file mode 100644 index 0000000000..8efd0c3b3f --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-bb0201c4ab3b083718394749026d45d0.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-bb0201c4ab3b083718394749026d45d0 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wc4bp/" + google-query: inurl:"/wp-content/plugins/wc4bp/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wc4bp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc4bp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc4bp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-bbd0469101ad166f9a9d964c9db2e365.yaml b/nuclei-templates/2022/CVE-2022-4974-bbd0469101ad166f9a9d964c9db2e365.yaml new file mode 100644 index 0000000000..35ce6f04b1 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-bbd0469101ad166f9a9d964c9db2e365.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-bbd0469101ad166f9a9d964c9db2e365 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/joli-table-of-contents/" + google-query: inurl:"/wp-content/plugins/joli-table-of-contents/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,joli-table-of-contents,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joli-table-of-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joli-table-of-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-bc060695098fbf1df6eb67d564047f66.yaml b/nuclei-templates/2022/CVE-2022-4974-bc060695098fbf1df6eb67d564047f66.yaml
new file mode 100644
index 0000000000..3a8a93d2a6
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-bc060695098fbf1df6eb67d564047f66.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-bc060695098fbf1df6eb67d564047f66 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/restaurant-cafe-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/restaurant-cafe-addon-for-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-cafe-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-cafe-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.6') \ No newline at end of file 
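Review bot: `redirects: true` lets the request follow up to three redirects to any host, so the readme that gets parsed may be served by a different site than the one being assessed and still be reported against the target. Restricting redirects to the original host keeps findings attributable and keeps the scan inside its authorised scope: replace `redirects: true` with `host-redirects: true` and keep `max-redirects: 3`. The other templates in this chunk carry the same two lines.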
diff --git a/nuclei-templates/2022/CVE-2022-4974-bcf5dd2810ec7652eb46290955ae66bd.yaml b/nuclei-templates/2022/CVE-2022-4974-bcf5dd2810ec7652eb46290955ae66bd.yaml
new file mode 100644
index 0000000000..34e843570b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-bcf5dd2810ec7652eb46290955ae66bd.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-bcf5dd2810ec7652eb46290955ae66bd + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woocommerce-eu-vat-assistant/" + google-query: inurl:"/wp-content/plugins/woocommerce-eu-vat-assistant/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woocommerce-eu-vat-assistant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-eu-vat-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-eu-vat-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.28.220224') \ No newline at end of file 
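Review bot: The `info` block carries no `remediation`, so a finding tells the operator which plugin matched but not which release to move to. The bound in the `dsl` matcher suggests the first unaffected release, so something like `remediation: Update woocommerce-eu-vat-assistant to 2.0.28.220224 or later.` would do, once that version is checked against the Wordfence advisory listed under `reference`. The `name` would also read better with the plugin in it, since every template for this CVE in the chunk has the identical title. Both points hold for the other hunks here, each with its own version bound.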
diff --git a/nuclei-templates/2022/CVE-2022-4974-be3b899dbb8ad644f8aa64def092c36c.yaml b/nuclei-templates/2022/CVE-2022-4974-be3b899dbb8ad644f8aa64def092c36c.yaml
new file mode 100644
index 0000000000..00c4e752d9
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-be3b899dbb8ad644f8aa64def092c36c.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-be3b899dbb8ad644f8aa64def092c36c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/seo-booster/" + google-query: inurl:"/wp-content/plugins/seo-booster/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,seo-booster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-be69742448b758feeffc2fef94bd585c.yaml b/nuclei-templates/2022/CVE-2022-4974-be69742448b758feeffc2fef94bd585c.yaml new file mode 100644 index 0000000000..beaf581374 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-be69742448b758feeffc2fef94bd585c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-be69742448b758feeffc2fef94bd585c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/post-list-designer/" + google-query: inurl:"/wp-content/plugins/post-list-designer/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,post-list-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-list-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-list-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.7') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-bec8277c6bcb6959edf8ad267522c097.yaml b/nuclei-templates/2022/CVE-2022-4974-bec8277c6bcb6959edf8ad267522c097.yaml
new file mode 100644
index 0000000000..8723ec93c4
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-bec8277c6bcb6959edf8ad267522c097.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-bec8277c6bcb6959edf8ad267522c097 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/webba-booking-lite/" + google-query: inurl:"/wp-content/plugins/webba-booking-lite/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,webba-booking-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webba-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webba-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.18') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-bef48f5d5d65880f84ba07448ca4d73d.yaml b/nuclei-templates/2022/CVE-2022-4974-bef48f5d5d65880f84ba07448ca4d73d.yaml new file mode 100644 index 0000000000..e2487d52bb --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-bef48f5d5d65880f84ba07448ca4d73d.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-bef48f5d5d65880f84ba07448ca4d73d + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/" + google-query: inurl:"/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-user-profiles-in-spreadsheet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.13') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-bf4237e23efec08a0ce73d460836aa47.yaml b/nuclei-templates/2022/CVE-2022-4974-bf4237e23efec08a0ce73d460836aa47.yaml
new file mode 100644
index 0000000000..e2cd077f66
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-bf4237e23efec08a0ce73d460836aa47.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-bf4237e23efec08a0ce73d460836aa47 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/app-ads-txt/" + google-query: inurl:"/wp-content/plugins/app-ads-txt/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,app-ads-txt,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/app-ads-txt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "app-ads-txt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c05d33ee0c0bdbe9a5d4708de1d3ae81.yaml b/nuclei-templates/2022/CVE-2022-4974-c05d33ee0c0bdbe9a5d4708de1d3ae81.yaml new file mode 100644 index 0000000000..227878648e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-c05d33ee0c0bdbe9a5d4708de1d3ae81.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c05d33ee0c0bdbe9a5d4708de1d3ae81 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,event-tickets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-c079f3d8b03cdb03220aa6e0302f08a2.yaml b/nuclei-templates/2022/CVE-2022-4974-c079f3d8b03cdb03220aa6e0302f08a2.yaml
new file mode 100644
index 0000000000..a7691910ca
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-c079f3d8b03cdb03220aa6e0302f08a2.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-c079f3d8b03cdb03220aa6e0302f08a2 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-product-attachment/" + google-query: inurl:"/wp-content/plugins/woo-product-attachment/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-product-attachment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-attachment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-attachment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c0edda9b92d4b0c62161180425cab74e.yaml b/nuclei-templates/2022/CVE-2022-4974-c0edda9b92d4b0c62161180425cab74e.yaml new file mode 100644 index 0000000000..90e25dab2d --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-c0edda9b92d4b0c62161180425cab74e.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c0edda9b92d4b0c62161180425cab74e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/internal-links/" + google-query: inurl:"/wp-content/plugins/internal-links/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,internal-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/internal-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "internal-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-c11cf407157383052839c3476ef8bc71.yaml b/nuclei-templates/2022/CVE-2022-4974-c11cf407157383052839c3476ef8bc71.yaml
new file mode 100644
index 0000000000..b9892dd7ed
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-c11cf407157383052839c3476ef8bc71.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-c11cf407157383052839c3476ef8bc71 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/blockmeister/" + google-query: inurl:"/wp-content/plugins/blockmeister/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,blockmeister,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blockmeister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blockmeister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c3db5be1a51742f1800ebd68645271ce.yaml b/nuclei-templates/2022/CVE-2022-4974-c3db5be1a51742f1800ebd68645271ce.yaml new file mode 100644 index 0000000000..d078460c67 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-c3db5be1a51742f1800ebd68645271ce.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c3db5be1a51742f1800ebd68645271ce + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/fullworks-anti-spam/" + google-query: inurl:"/wp-content/plugins/fullworks-anti-spam/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,fullworks-anti-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fullworks-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fullworks-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-c4950da5cbd10141c56c420499671594.yaml b/nuclei-templates/2022/CVE-2022-4974-c4950da5cbd10141c56c420499671594.yaml
new file mode 100644
index 0000000000..bea1478764
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-c4950da5cbd10141c56c420499671594.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-c4950da5cbd10141c56c420499671594 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-checkout-for-digital-goods/" + google-query: inurl:"/wp-content/plugins/woo-checkout-for-digital-goods/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-checkout-for-digital-goods,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-checkout-for-digital-goods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-checkout-for-digital-goods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-c53beec8321b9d2f572b7887d89f3986.yaml b/nuclei-templates/2022/CVE-2022-4974-c53beec8321b9d2f572b7887d89f3986.yaml
new file mode 100644
index 0000000000..6a8c109a0a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-c53beec8321b9d2f572b7887d89f3986.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-c53beec8321b9d2f572b7887d89f3986 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/advanced-form-integration/" + google-query: inurl:"/wp-content/plugins/advanced-form-integration/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,advanced-form-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-form-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-form-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.49.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c76d49de417bda8e5a8ec87823f6f2ea.yaml b/nuclei-templates/2022/CVE-2022-4974-c76d49de417bda8e5a8ec87823f6f2ea.yaml new file mode 100644 index 0000000000..12829dac45 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-c76d49de417bda8e5a8ec87823f6f2ea.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c76d49de417bda8e5a8ec87823f6f2ea + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/drop-shadow-boxes/" + google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,drop-shadow-boxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drop-shadow-boxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drop-shadow-boxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-c9d28ba9af7ff1cee52a47de51a62b8e.yaml b/nuclei-templates/2022/CVE-2022-4974-c9d28ba9af7ff1cee52a47de51a62b8e.yaml
new file mode 100644
index 0000000000..5d2adbedbf
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-c9d28ba9af7ff1cee52a47de51a62b8e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-c9d28ba9af7ff1cee52a47de51a62b8e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/alley-business-toolkit/" + google-query: inurl:"/wp-content/plugins/alley-business-toolkit/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,alley-business-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alley-business-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alley-business-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c9e4165b2dccdd8b7272e0245b379a56.yaml b/nuclei-templates/2022/CVE-2022-4974-c9e4165b2dccdd8b7272e0245b379a56.yaml new file mode 100644 index 0000000000..72a1afdf45 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-c9e4165b2dccdd8b7272e0245b379a56.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c9e4165b2dccdd8b7272e0245b379a56 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/podcast-box/" + google-query: inurl:"/wp-content/plugins/podcast-box/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,podcast-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-c9e9b6733568db4d87fe4dca4e2a3dba.yaml b/nuclei-templates/2022/CVE-2022-4974-c9e9b6733568db4d87fe4dca4e2a3dba.yaml new file mode 100644 index 0000000000..5aa9d801db 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-c9e9b6733568db4d87fe4dca4e2a3dba.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-c9e9b6733568db4d87fe4dca4e2a3dba + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.17.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-ca33da98e7b5f995a3a01dc4a100e450.yaml b/nuclei-templates/2022/CVE-2022-4974-ca33da98e7b5f995a3a01dc4a100e450.yaml new file mode 100644 index 0000000000..aebba5e58f --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ca33da98e7b5f995a3a01dc4a100e450.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ca33da98e7b5f995a3a01dc4a100e450 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ca6b8e369f5d4910dcc9c3a9d4f0389e.yaml b/nuclei-templates/2022/CVE-2022-4974-ca6b8e369f5d4910dcc9c3a9d4f0389e.yaml new file mode 100644 index 0000000000..26ff743f7b 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ca6b8e369f5d4910dcc9c3a9d4f0389e.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ca6b8e369f5d4910dcc9c3a9d4f0389e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/co2ok-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/co2ok-for-woocommerce/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,co2ok-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/co2ok-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "co2ok-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9.21') \ No newline at end of file 
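Review bot: `compare_versions(version, '<= 1.0.9.21')` uses an inclusive bound where the sibling CVE-2022-4974 templates compare with `<` against a fixed release, so this template gives the reader no release to upgrade to. It looks as if no patched version was known when it was written, though the diff does not say so. A triager would want that spelled out next to the matcher, e.g. `# no fixed release recorded; every version up to 1.0.9.21 is flagged - re-check the advisory before reporting`. Once a fixed release exists, recording it in `info` as a `remediation:` entry would help as well.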
diff --git a/nuclei-templates/2022/CVE-2022-4974-cb43a3033745f9235059b7d1b7a3d855.yaml b/nuclei-templates/2022/CVE-2022-4974-cb43a3033745f9235059b7d1b7a3d855.yaml new file mode 100644 index 0000000000..e8bb0270d9 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-cb43a3033745f9235059b7d1b7a3d855.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-cb43a3033745f9235059b7d1b7a3d855 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/form-vibes/" + google-query: inurl:"/wp-content/plugins/form-vibes/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,form-vibes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-vibes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-vibes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-cb9fa42d925b49c26314653a0263606c.yaml b/nuclei-templates/2022/CVE-2022-4974-cb9fa42d925b49c26314653a0263606c.yaml new file mode 100644 index 0000000000..f2483a33ed --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-cb9fa42d925b49c26314653a0263606c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-cb9fa42d925b49c26314653a0263606c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/widget-detector-elementor/" + google-query: inurl:"/wp-content/plugins/widget-detector-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,widget-detector-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-detector-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-detector-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-cbb89ab74a996ec10221a4258810eb00.yaml b/nuclei-templates/2022/CVE-2022-4974-cbb89ab74a996ec10221a4258810eb00.yaml new file mode 100644 index 0000000000..1d21a2af70 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-cbb89ab74a996ec10221a4258810eb00.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-cbb89ab74a996ec10221a4258810eb00 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/foobox-image-lightbox/" + google-query: inurl:"/wp-content/plugins/foobox-image-lightbox/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,foobox-image-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foobox-image-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foobox-image-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.17') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-cbdcd584a0d553e5260bc8af00823b8e.yaml b/nuclei-templates/2022/CVE-2022-4974-cbdcd584a0d553e5260bc8af00823b8e.yaml new file mode 100644 index 0000000000..7c7a285a26 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-cbdcd584a0d553e5260bc8af00823b8e.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-cbdcd584a0d553e5260bc8af00823b8e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.14') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-ccca2f262821eaf2767551efac129b45.yaml b/nuclei-templates/2022/CVE-2022-4974-ccca2f262821eaf2767551efac129b45.yaml new file mode 100644 index 0000000000..7cfd626113 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ccca2f262821eaf2767551efac129b45.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ccca2f262821eaf2767551efac129b45 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stackable-ultimate-gutenberg-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stackable-ultimate-gutenberg-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-ce0f024dd15563ba85c6e36379aaef7e.yaml b/nuclei-templates/2022/CVE-2022-4974-ce0f024dd15563ba85c6e36379aaef7e.yaml new file mode 100644 index 0000000000..3795911e57 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ce0f024dd15563ba85c6e36379aaef7e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ce0f024dd15563ba85c6e36379aaef7e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,content-protector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.5.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ce721fffeea3740758b941403121b8bc.yaml b/nuclei-templates/2022/CVE-2022-4974-ce721fffeea3740758b941403121b8bc.yaml new file mode 100644 index 0000000000..8cfa9a1c33 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-ce721fffeea3740758b941403121b8bc.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ce721fffeea3740758b941403121b8bc + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/photoblocks-grid-gallery/" + google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoblocks-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoblocks-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-ce939a1f42ea4be90a3ab67bfaa89137.yaml b/nuclei-templates/2022/CVE-2022-4974-ce939a1f42ea4be90a3ab67bfaa89137.yaml new file mode 100644 index 0000000000..cff92cdb15 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ce939a1f42ea4be90a3ab67bfaa89137.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ce939a1f42ea4be90a3ab67bfaa89137 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-link-bio/" + google-query: inurl:"/wp-content/plugins/wp-link-bio/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-link-bio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-link-bio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-link-bio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ce9efb79055dbbf79750953bf0665f87.yaml b/nuclei-templates/2022/CVE-2022-4974-ce9efb79055dbbf79750953bf0665f87.yaml new file mode 100644 index 0000000000..6009bc23ef --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-ce9efb79055dbbf79750953bf0665f87.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-ce9efb79055dbbf79750953bf0665f87 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/media-download/" + google-query: inurl:"/wp-content/plugins/media-download/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,media-download,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-cf663949cda235c9ea12aa65dd114d87.yaml b/nuclei-templates/2022/CVE-2022-4974-cf663949cda235c9ea12aa65dd114d87.yaml new file mode 100644 index 0000000000..6c3424c7e7 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-cf663949cda235c9ea12aa65dd114d87.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-cf663949cda235c9ea12aa65dd114d87 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/sv-tracking-manager/" + google-query: inurl:"/wp-content/plugins/sv-tracking-manager/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,sv-tracking-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sv-tracking-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sv-tracking-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.02') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-cfc264a68734d039a8442050491494af.yaml b/nuclei-templates/2022/CVE-2022-4974-cfc264a68734d039a8442050491494af.yaml new file mode 100644 index 0000000000..70fbaec49a --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-cfc264a68734d039a8442050491494af.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-cfc264a68734d039a8442050491494af + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-extra-flat-rate/" + google-query: inurl:"/wp-content/plugins/woo-extra-flat-rate/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-extra-flat-rate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-extra-flat-rate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-extra-flat-rate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-d0413a5c73e1be1ef64a4395372cedbc.yaml b/nuclei-templates/2022/CVE-2022-4974-d0413a5c73e1be1ef64a4395372cedbc.yaml new file mode 100644 index 0000000000..3f1124353e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-d0413a5c73e1be1ef64a4395372cedbc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-d0413a5c73e1be1ef64a4395372cedbc + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/power-ups-for-elementor/" + google-query: inurl:"/wp-content/plugins/power-ups-for-elementor/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,power-ups-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/power-ups-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "power-ups-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-d08be97a83d2b739ada4477b602d8e9b.yaml b/nuclei-templates/2022/CVE-2022-4974-d08be97a83d2b739ada4477b602d8e9b.yaml new file mode 100644 index 0000000000..16143a4087 --- /dev/null 
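Review bot: `redirects: true` with `max-redirects: 3` lets the request leave the scanned host, so the readme that is matched may belong to a different site than the one reported. The scanner may also contact hosts outside the agreed scope. Nuclei's `host-redirects: true` keeps redirect following on the original host; I would use it in place of `redirects: true` here and in the other templates of this diff, which share the same request block.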
+++ b/nuclei-templates/2022/CVE-2022-4974-d08be97a83d2b739ada4477b602d8e9b.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-d08be97a83d2b739ada4477b602d8e9b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/geo-mashup/" + google-query: inurl:"/wp-content/plugins/geo-mashup/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,geo-mashup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-mashup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-mashup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-d1714713260b1ac38d2687a3a653055c.yaml b/nuclei-templates/2022/CVE-2022-4974-d1714713260b1ac38d2687a3a653055c.yaml new file mode 100644 index 0000000000..de1636430d 
--- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-d1714713260b1ac38d2687a3a653055c.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-d1714713260b1ac38d2687a3a653055c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/mobile-menu/" + google-query: inurl:"/wp-content/plugins/mobile-menu/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,mobile-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-d2d35dd00e96c943f558aa5ac9977ffe.yaml b/nuclei-templates/2022/CVE-2022-4974-d2d35dd00e96c943f558aa5ac9977ffe.yaml new file mode 100644 index 0000000000..cfe0ffae0d --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-d2d35dd00e96c943f558aa5ac9977ffe.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-d2d35dd00e96c943f558aa5ac9977ffe + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/ethereum-wallet/" + google-query: inurl:"/wp-content/plugins/ethereum-wallet/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,ethereum-wallet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ethereum-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ethereum-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-d506d4417682a9f84d0e3ca91a11a952.yaml b/nuclei-templates/2022/CVE-2022-4974-d506d4417682a9f84d0e3ca91a11a952.yaml new file mode 100644 index 0000000000..ff1124f55e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-d506d4417682a9f84d0e3ca91a11a952.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-d506d4417682a9f84d0e3ca91a11a952 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/zip-codes-redirect/" + google-query: inurl:"/wp-content/plugins/zip-codes-redirect/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,zip-codes-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zip-codes-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zip-codes-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file 
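Review bot: The bound in `compare_versions(version, '<= 4.0.1')` is inclusive, whereas the sibling templates in this diff use an exclusive `<` against a fixed release. That presumably means no patched release of zip-codes-redirect was recorded when the template was generated. Every install up to 4.0.1 is then flagged, and the bound needs revisiting once a fixed release exists. A comment above the matcher such as `# no fixed version known at generation time; inclusive bound` would make that explicit.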
diff --git a/nuclei-templates/2022/CVE-2022-4974-d65808f664b6e8c9e797bd8dfcf34ce8.yaml b/nuclei-templates/2022/CVE-2022-4974-d65808f664b6e8c9e797bd8dfcf34ce8.yaml new file mode 100644 index 0000000000..876818a598 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-d65808f664b6e8c9e797bd8dfcf34ce8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-d65808f664b6e8c9e797bd8dfcf34ce8 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/activity-log-mainwp/" + google-query: inurl:"/wp-content/plugins/activity-log-mainwp/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,activity-log-mainwp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activity-log-mainwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activity-log-mainwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-d6a15db9ec07688310f52b6d7bc8adb2.yaml b/nuclei-templates/2022/CVE-2022-4974-d6a15db9ec07688310f52b6d7bc8adb2.yaml new file mode 100644 index 0000000000..49845d036d --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-d6a15db9ec07688310f52b6d7bc8adb2.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-d6a15db9ec07688310f52b6d7bc8adb2 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/advance-wc-analytics/" + google-query: inurl:"/wp-content/plugins/advance-wc-analytics/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,advance-wc-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advance-wc-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advance-wc-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-d719c21b3b083cea6a66583de9da5dde.yaml b/nuclei-templates/2022/CVE-2022-4974-d719c21b3b083cea6a66583de9da5dde.yaml new file mode 100644 index 0000000000..8798629232 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-d719c21b3b083cea6a66583de9da5dde.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-d719c21b3b083cea6a66583de9da5dde + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-zillow-reviews/" + google-query: inurl:"/wp-content/plugins/easy-zillow-reviews/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-zillow-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-zillow-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-zillow-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-d8a0112ba49606eff55504311d2ee470.yaml b/nuclei-templates/2022/CVE-2022-4974-d8a0112ba49606eff55504311d2ee470.yaml new file mode 100644 index 0000000000..ecba284e24 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-d8a0112ba49606eff55504311d2ee470.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-d8a0112ba49606eff55504311d2ee470 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/everlightbox/" + google-query: inurl:"/wp-content/plugins/everlightbox/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,everlightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everlightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everlightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.18') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-db7adc3bfec6f5bd32f391736bc8758d.yaml b/nuclei-templates/2022/CVE-2022-4974-db7adc3bfec6f5bd32f391736bc8758d.yaml new file mode 100644 index 0000000000..d915d08246 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-db7adc3bfec6f5bd32f391736bc8758d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-db7adc3bfec6f5bd32f391736bc8758d + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/svg-flags-lite/" + google-query: inurl:"/wp-content/plugins/svg-flags-lite/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,svg-flags-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-flags-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-flags-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-dbacd21778fe5a6999b4b954681d58ce.yaml b/nuclei-templates/2022/CVE-2022-4974-dbacd21778fe5a6999b4b954681d58ce.yaml new file mode 100644 index 0000000000..ab94592df7 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-dbacd21778fe5a6999b4b954681d58ce.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-dbacd21778fe5a6999b4b954681d58ce + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/go-viral/" + google-query: inurl:"/wp-content/plugins/go-viral/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,go-viral,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go-viral/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go-viral" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-dcb2514b27a8060ad1f629bd4d385e20.yaml b/nuclei-templates/2022/CVE-2022-4974-dcb2514b27a8060ad1f629bd4d385e20.yaml new file mode 100644 index 0000000000..39f2548b64 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-dcb2514b27a8060ad1f629bd4d385e20.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-dcb2514b27a8060ad1f629bd4d385e20 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-authorize-net-gateway-aim/" + google-query: inurl:"/wp-content/plugins/woo-authorize-net-gateway-aim/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-authorize-net-gateway-aim,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-authorize-net-gateway-aim/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-authorize-net-gateway-aim" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.27') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-df557b2e822a08ef8819aeeccc39b9a7.yaml b/nuclei-templates/2022/CVE-2022-4974-df557b2e822a08ef8819aeeccc39b9a7.yaml new file mode 100644 index 0000000000..5e026c3b36 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-df557b2e822a08ef8819aeeccc39b9a7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-df557b2e822a08ef8819aeeccc39b9a7 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-df5aa62d70b6575ec633d02585533f61.yaml b/nuclei-templates/2022/CVE-2022-4974-df5aa62d70b6575ec633d02585533f61.yaml new file mode 100644 index 0000000000..a78dad561a --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-df5aa62d70b6575ec633d02585533f61.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-df5aa62d70b6575ec633d02585533f61 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/security-safe/" + google-query: inurl:"/wp-content/plugins/security-safe/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,security-safe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-safe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-safe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-dfc9a452b1508569b5546b1566bf4a7c.yaml b/nuclei-templates/2022/CVE-2022-4974-dfc9a452b1508569b5546b1566bf4a7c.yaml new file mode 100644 index 0000000000..630ce5dbd3 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-dfc9a452b1508569b5546b1566bf4a7c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-dfc9a452b1508569b5546b1566bf4a7c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshift-animation-and-page-builder-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshift-animation-and-page-builder-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-e01357c9458733aacc86f7539c5c74bd.yaml b/nuclei-templates/2022/CVE-2022-4974-e01357c9458733aacc86f7539c5c74bd.yaml new file mode 100644 index 0000000000..beb7c3cea6 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-e01357c9458733aacc86f7539c5c74bd.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e01357c9458733aacc86f7539c5c74bd
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/"
+ google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-embed-thumbnail-generator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-embed-thumbnail-generator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.7.4')
\ No newline at end of file
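Review bot: `redirects: true` in the `http` block lets the readme request follow up to three redirects to any host, so the body that the matchers inspect may not come from the target that was scanned. Replacing it with `host-redirects: true` keeps the follow on the same host and makes a match attributable to that target. Every template added by this diff uses the same request block, so the change applies to all of them.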
diff --git a/nuclei-templates/2022/CVE-2022-4974-e297bfd236247c466d664fb85745e474.yaml b/nuclei-templates/2022/CVE-2022-4974-e297bfd236247c466d664fb85745e474.yaml
new file mode 100644
index 0000000000..fc88b1271d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e297bfd236247c466d664fb85745e474.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e297bfd236247c466d664fb85745e474
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-styler/"
+ google-query: inurl:"/wp-content/plugins/cf7-styler/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,cf7-styler,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-styler/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-styler"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e2d4722b2a8a3bb880e16e9b5f49e472.yaml b/nuclei-templates/2022/CVE-2022-4974-e2d4722b2a8a3bb880e16e9b5f49e472.yaml
new file mode 100644
index 0000000000..4d9ba83a84
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e2d4722b2a8a3bb880e16e9b5f49e472.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e2d4722b2a8a3bb880e16e9b5f49e472
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-classifieds-and-directory-pro/"
+ google-query: inurl:"/wp-content/plugins/advanced-classifieds-and-directory-pro/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-classifieds-and-directory-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-classifieds-and-directory-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.8.8')
\ No newline at end of file
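Review bot: `name` is the same `Freemius SDK <= 2.4.2 - Missing Authorization Checks` in every template this diff adds, although each one tests a different plugin slug against its own fixed release, so findings in a scan report can only be told apart by `id` or tags. Putting the slug and threshold into the name, for example `advanced-classifieds-and-directory-pro < 1.8.8 - Freemius SDK <= 2.4.2 Missing Authorization Checks`, would make triage and de-duplication easier. The same applies to the other hunks with their own slug and version.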
diff --git a/nuclei-templates/2022/CVE-2022-4974-e3a6e3eb67a6bfb7c40cb8baa4515962.yaml b/nuclei-templates/2022/CVE-2022-4974-e3a6e3eb67a6bfb7c40cb8baa4515962.yaml
new file mode 100644
index 0000000000..85026f6b07
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e3a6e3eb67a6bfb7c40cb8baa4515962.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e3a6e3eb67a6bfb7c40cb8baa4515962
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/print-my-blog/"
+ google-query: inurl:"/wp-content/plugins/print-my-blog/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,print-my-blog,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/print-my-blog/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "print-my-blog"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.11.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e447a72e526d0ed91d49b1adcbd4a457.yaml b/nuclei-templates/2022/CVE-2022-4974-e447a72e526d0ed91d49b1adcbd4a457.yaml
new file mode 100644
index 0000000000..2b82ad11f1
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e447a72e526d0ed91d49b1adcbd4a457.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e447a72e526d0ed91d49b1adcbd4a457
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-contact-slider/"
+ google-query: inurl:"/wp-content/plugins/wp-contact-slider/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-contact-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-contact-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-contact-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.4.5')
\ No newline at end of file
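Review bot: The two entries under `extractors` are identical except for `internal: true`, and nothing in the template says why the regex is listed twice. Presumably the internal copy supplies `version` to the `dsl` matcher and the second copy exists only so the version is printed with the result; if that is the intent, a comment above the second entry such as `# same regex, non-internal, so the detected version appears in the scan output` would stop a maintainer from removing one of them as a duplicate. The pattern repeats in every hunk of this diff.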
diff --git a/nuclei-templates/2022/CVE-2022-4974-e550cf33828739228079d8ce60efdd91.yaml b/nuclei-templates/2022/CVE-2022-4974-e550cf33828739228079d8ce60efdd91.yaml
new file mode 100644
index 0000000000..2a845836f1
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e550cf33828739228079d8ce60efdd91.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e550cf33828739228079d8ce60efdd91
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/front-editor/"
+ google-query: inurl:"/wp-content/plugins/front-editor/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,front-editor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/front-editor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "front-editor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e75f4946f658b7d440df3bda9f1ec41c.yaml b/nuclei-templates/2022/CVE-2022-4974-e75f4946f658b7d440df3bda9f1ec41c.yaml
new file mode 100644
index 0000000000..ccc07ee614
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e75f4946f658b7d440df3bda9f1ec41c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e75f4946f658b7d440df3bda9f1ec41c
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/south-pole-the-offset-movement/"
+ google-query: inurl:"/wp-content/plugins/south-pole-the-offset-movement/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,south-pole-the-offset-movement,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/south-pole-the-offset-movement/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "south-pole-the-offset-movement"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e99a3ffe38f805a3eb0137046ed8ab5f.yaml b/nuclei-templates/2022/CVE-2022-4974-e99a3ffe38f805a3eb0137046ed8ab5f.yaml
new file mode 100644
index 0000000000..668837755a
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e99a3ffe38f805a3eb0137046ed8ab5f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e99a3ffe38f805a3eb0137046ed8ab5f
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/post-snippets/"
+ google-query: inurl:"/wp-content/plugins/post-snippets/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,post-snippets,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-snippets/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-snippets"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e9d9bb3c0e5e432265d5fc6d26d1a097.yaml b/nuclei-templates/2022/CVE-2022-4974-e9d9bb3c0e5e432265d5fc6d26d1a097.yaml
new file mode 100644
index 0000000000..8eba0f7361
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e9d9bb3c0e5e432265d5fc6d26d1a097.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e9d9bb3c0e5e432265d5fc6d26d1a097
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-blocks/"
+ google-query: inurl:"/wp-content/plugins/ultimate-blocks/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,ultimate-blocks,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.4.13')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-e9da1de70651a35bb9b73728e0be1fd8.yaml b/nuclei-templates/2022/CVE-2022-4974-e9da1de70651a35bb9b73728e0be1fd8.yaml
new file mode 100644
index 0000000000..102d86ab6d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-e9da1de70651a35bb9b73728e0be1fd8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-e9da1de70651a35bb9b73728e0be1fd8
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/block-slider/"
+ google-query: inurl:"/wp-content/plugins/block-slider/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,block-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/block-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "block-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-ea61a3042fd8434e7d6da8259d0963af.yaml b/nuclei-templates/2022/CVE-2022-4974-ea61a3042fd8434e7d6da8259d0963af.yaml
new file mode 100644
index 0000000000..9560f3b29d
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-ea61a3042fd8434e7d6da8259d0963af.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-ea61a3042fd8434e7d6da8259d0963af
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/themes/meridia/"
+ google-query: inurl:"/wp-content/themes/meridia/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-theme,meridia,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/meridia/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meridia"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-eb3f5816d574b3bd8ec50077d1def731.yaml b/nuclei-templates/2022/CVE-2022-4974-eb3f5816d574b3bd8ec50077d1def731.yaml
new file mode 100644
index 0000000000..46e69e508b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-eb3f5816d574b3bd8ec50077d1def731.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-eb3f5816d574b3bd8ec50077d1def731
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/content-aware-sidebars/"
+ google-query: inurl:"/wp-content/plugins/content-aware-sidebars/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,content-aware-sidebars,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/content-aware-sidebars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "content-aware-sidebars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 3.17.2')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-ed8b780e27b1b65633e7aabaac5e4aad.yaml b/nuclei-templates/2022/CVE-2022-4974-ed8b780e27b1b65633e7aabaac5e4aad.yaml
new file mode 100644
index 0000000000..41380c2a93
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-ed8b780e27b1b65633e7aabaac5e4aad.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-ed8b780e27b1b65633e7aabaac5e4aad
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/woo-customers-manager/"
+ google-query: inurl:"/wp-content/plugins/woo-customers-manager/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,woo-customers-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-customers-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-customers-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.13')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-ee9870d5bef0545dced6af21473d9057.yaml b/nuclei-templates/2022/CVE-2022-4974-ee9870d5bef0545dced6af21473d9057.yaml
new file mode 100644
index 0000000000..ac87563ea2
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-ee9870d5bef0545dced6af21473d9057.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-ee9870d5bef0545dced6af21473d9057
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/wp-disable-sitemap/"
+ google-query: inurl:"/wp-content/plugins/wp-disable-sitemap/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,wp-disable-sitemap,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-disable-sitemap/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-disable-sitemap"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-f242bfd2c0e8be63fb51d2db574ef679.yaml b/nuclei-templates/2022/CVE-2022-4974-f242bfd2c0e8be63fb51d2db574ef679.yaml
new file mode 100644
index 0000000000..a8ea25cf3b
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-f242bfd2c0e8be63fb51d2db574ef679.yaml
@@ -0,0 +1,59 @@
+id: CVE-2022-4974-f242bfd2c0e8be63fb51d2db574ef679
+
+info:
+ name: >
+ Freemius SDK <= 2.4.2 - Missing Authorization Checks
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2022-4974
+ metadata:
+ fofa-query: "wp-content/plugins/streamweasels-twitch-integration/"
+ google-query: inurl:"/wp-content/plugins/streamweasels-twitch-integration/"
+ shodan-query: 'vuln:CVE-2022-4974'
+ tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/streamweasels-twitch-integration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "streamweasels-twitch-integration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2022/CVE-2022-4974-f26f9982bb1e43764cf1f0a2bc72f834.yaml b/nuclei-templates/2022/CVE-2022-4974-f26f9982bb1e43764cf1f0a2bc72f834.yaml
new file mode 100644
index 0000000000..f2f5f6e34f
--- /dev/null
+++ b/nuclei-templates/2022/CVE-2022-4974-f26f9982bb1e43764cf1f0a2bc72f834.yaml
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-f26f9982bb1e43764cf1f0a2bc72f834 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/all-in-one-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-f664f31314f0abfc4716b33fc3f07de5.yaml b/nuclei-templates/2022/CVE-2022-4974-f664f31314f0abfc4716b33fc3f07de5.yaml new file mode 100644 index 0000000000..f3fd51a315 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-f664f31314f0abfc4716b33fc3f07de5.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-f664f31314f0abfc4716b33fc3f07de5 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/content-warning-v2/" + google-query: inurl:"/wp-content/plugins/content-warning-v2/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,content-warning-v2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-warning-v2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-warning-v2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.1') \ No newline at end of file 
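Review bot: The `info` block never names the plugin or the plugin version being tested: `name` and `description` speak only of Freemius SDK <= 2.4.2, while the match is `compare_versions(version, '< 4.3.1')` on the `Stable tag` of content-warning-v2's readme.txt. A hit therefore means the readme advertises a release older than 4.3.1, not that the vulnerable SDK functions were observed, and a readme whose tag is not numeric (the regex accepts only `[0-9.]+`) or that has been removed produces no result at all. I would state this in the template with a comment above `matchers:`, for example `# Version inference only: compares the readme.txt "Stable tag" with a plugin version bound; does not probe the Freemius SDK itself.`, and put the slug in `name` so findings from the sibling templates can be told apart in a report. The same applies to the other CVE-2022-4974 templates in this diff.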
diff --git a/nuclei-templates/2022/CVE-2022-4974-f6aa11b7b3de4e2b37db878772e730aa.yaml b/nuclei-templates/2022/CVE-2022-4974-f6aa11b7b3de4e2b37db878772e730aa.yaml new file mode 100644 index 0000000000..ed31952046 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-f6aa11b7b3de4e2b37db878772e730aa.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-f6aa11b7b3de4e2b37db878772e730aa + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/woo-product-reviews-shortcode/" + google-query: inurl:"/wp-content/plugins/woo-product-reviews-shortcode/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,woo-product-reviews-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-reviews-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-reviews-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.17') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-f6e4e3de420433ba836f9cec40680a41.yaml b/nuclei-templates/2022/CVE-2022-4974-f6e4e3de420433ba836f9cec40680a41.yaml new file mode 100644 index 0000000000..104622da1a --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-f6e4e3de420433ba836f9cec40680a41.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-f6e4e3de420433ba836f9cec40680a41 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/gdpr-cookie-consent/" + google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-f6e7f35ce747d3b56c9268493dc5d528.yaml b/nuclei-templates/2022/CVE-2022-4974-f6e7f35ce747d3b56c9268493dc5d528.yaml new file mode 100644 index 0000000000..589afff3d8 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-f6e7f35ce747d3b56c9268493dc5d528.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-f6e7f35ce747d3b56c9268493dc5d528 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/qyrr-code/" + google-query: inurl:"/wp-content/plugins/qyrr-code/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,qyrr-code,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qyrr-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qyrr-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-f6f86e5bca99d0ffeeabfb38f9a67bb7.yaml b/nuclei-templates/2022/CVE-2022-4974-f6f86e5bca99d0ffeeabfb38f9a67bb7.yaml new file mode 100644 index 0000000000..63360d870e --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-f6f86e5bca99d0ffeeabfb38f9a67bb7.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-f6f86e5bca99d0ffeeabfb38f9a67bb7 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/stax/" + google-query: inurl:"/wp-content/plugins/stax/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,stax,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-f768a11cbe483c71350c7fcc11061015.yaml b/nuclei-templates/2022/CVE-2022-4974-f768a11cbe483c71350c7fcc11061015.yaml new file mode 100644 index 0000000000..654802e500 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-f768a11cbe483c71350c7fcc11061015.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-f768a11cbe483c71350c7fcc11061015 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/rating-widget/" + google-query: inurl:"/wp-content/plugins/rating-widget/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,rating-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rating-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rating-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-f9905f8385a22886b5f7107fb2fb456b.yaml b/nuclei-templates/2022/CVE-2022-4974-f9905f8385a22886b5f7107fb2fb456b.yaml new file mode 100644 index 0000000000..2020d84303 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-f9905f8385a22886b5f7107fb2fb456b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-f9905f8385a22886b5f7107fb2fb456b + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/wp-notification-bell/" + google-query: inurl:"/wp-content/plugins/wp-notification-bell/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,wp-notification-bell,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-notification-bell/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-notification-bell" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.13') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-f9d90542f9aba6948d179f0c85c0be2a.yaml b/nuclei-templates/2022/CVE-2022-4974-f9d90542f9aba6948d179f0c85c0be2a.yaml new file mode 100644 index 0000000000..1afb6d28b7 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-f9d90542f9aba6948d179f0c85c0be2a.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-f9d90542f9aba6948d179f0c85c0be2a + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/post-slider-and-carousel/" + google-query: inurl:"/wp-content/plugins/post-slider-and-carousel/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,post-slider-and-carousel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-slider-and-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-slider-and-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-f9e5579db8346e24e94a94b4128866ec.yaml b/nuclei-templates/2022/CVE-2022-4974-f9e5579db8346e24e94a94b4128866ec.yaml new file mode 100644 index 0000000000..07942d291e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-f9e5579db8346e24e94a94b4128866ec.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-f9e5579db8346e24e94a94b4128866ec + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/date-time-picker-field/" + google-query: inurl:"/wp-content/plugins/date-time-picker-field/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,date-time-picker-field,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/date-time-picker-field/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "date-time-picker-field" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-fb71c60c0aa05a06ad28af92e5f8e8ef.yaml b/nuclei-templates/2022/CVE-2022-4974-fb71c60c0aa05a06ad28af92e5f8e8ef.yaml new file mode 100644 index 0000000000..23f943d9f7 --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-fb71c60c0aa05a06ad28af92e5f8e8ef.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-fb71c60c0aa05a06ad28af92e5f8e8ef + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/smart-variations-images/" + google-query: inurl:"/wp-content/plugins/smart-variations-images/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,smart-variations-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-variations-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-variations-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.10') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-fcf83d7a3c85a390f649070d5d04b65e.yaml b/nuclei-templates/2022/CVE-2022-4974-fcf83d7a3c85a390f649070d5d04b65e.yaml new file mode 100644 index 0000000000..1855b8797e --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-fcf83d7a3c85a390f649070d5d04b65e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-fcf83d7a3c85a390f649070d5d04b65e + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/sv-provenexpert/" + google-query: inurl:"/wp-content/plugins/sv-provenexpert/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,sv-provenexpert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sv-provenexpert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sv-provenexpert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.01') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-fd0620cebc2803fd96958b014267b406.yaml b/nuclei-templates/2022/CVE-2022-4974-fd0620cebc2803fd96958b014267b406.yaml new file mode 100644 index 0000000000..335f20b74d --- /dev/null 
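Review bot: The bound `'< 1.8.01'` in the sv-provenexpert template has a zero-padded segment, and how `compare_versions` orders it against tags such as `1.8.00` or `1.8.1` depends on whether segments are compared numerically; that is worth a test before relying on this template. If the comparison is numeric, the bound is the same as `'< 1.8.1'`, and writing it that way, or adding a comment that the plugin zero-pads its versions, would make the intent clear.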
+++ b/nuclei-templates/2022/CVE-2022-4974-fd0620cebc2803fd96958b014267b406.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-fd0620cebc2803fd96958b014267b406 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.7.22') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-fde9ddb9c35e7ff65b921158259c37be.yaml b/nuclei-templates/2022/CVE-2022-4974-fde9ddb9c35e7ff65b921158259c37be.yaml new file mode 100644 index 0000000000..5148523d51 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-fde9ddb9c35e7ff65b921158259c37be.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-fde9ddb9c35e7ff65b921158259c37be + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/bulletin-announcements/" + google-query: inurl:"/wp-content/plugins/bulletin-announcements/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,bulletin-announcements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletin-announcements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletin-announcements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-fe23fb0a252101fe292eabfd38ad93a3.yaml b/nuclei-templates/2022/CVE-2022-4974-fe23fb0a252101fe292eabfd38ad93a3.yaml new file mode 100644 index 0000000000..4465d7942f --- /dev/null 
+++ b/nuclei-templates/2022/CVE-2022-4974-fe23fb0a252101fe292eabfd38ad93a3.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4974-fe23fb0a252101fe292eabfd38ad93a3 + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/all-in-one-invite-codes/" + google-query: inurl:"/wp-content/plugins/all-in-one-invite-codes/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,all-in-one-invite-codes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-invite-codes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-invite-codes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.13') \ No newline at end of file 
diff --git a/nuclei-templates/2022/CVE-2022-4974-ff237feb461175cd41bee689bce6e71c.yaml b/nuclei-templates/2022/CVE-2022-4974-ff237feb461175cd41bee689bce6e71c.yaml new file mode 100644 index 0000000000..117a004ff9 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-4974-ff237feb461175cd41bee689bce6e71c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2022-4974-ff237feb461175cd41bee689bce6e71c + +info: + name: > + Freemius SDK <= 2.4.2 - Missing Authorization Checks + author: topscoder + severity: medium + description: > + The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 + cve-id: CVE-2022-4974 + metadata: + fofa-query: "wp-content/plugins/post-to-google-my-business/" + google-query: inurl:"/wp-content/plugins/post-to-google-my-business/" + shodan-query: 'vuln:CVE-2022-4974' + tags: cve,wordpress,wp-plugin,post-to-google-my-business,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-to-google-my-business/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-to-google-my-business" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.10') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-4974-ff9293ba28748efa2ab9a2fe77385468.yaml b/nuclei-templates/2022/CVE-2022-4974-ff9293ba28748efa2ab9a2fe77385468.yaml index 69ad815892..20f0ff2189 100644 
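Review bot: The threshold in `compare_versions(version, '< 3.0.10')` is a plugin release number, while `name` and `description` speak only of Freemius SDK versions (<= 2.4.2, fixed in 2.4.3), and nothing in the file connects the two. A comment above the dsl line such as `# 3.0.10: first plugin release assumed to bundle Freemius SDK >= 2.4.3, see the Wordfence reference` would let a maintainer verify the value. The match is also inferred from the readme's `Stable tag` alone, so a hit means "plugin version in the affected range" rather than a confirmed missing authorization check; stating that in `description` would help triage.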
--- a/nuclei-templates/2022/CVE-2022-4974-ff9293ba28748efa2ab9a2fe77385468.yaml +++ b/nuclei-templates/2022/CVE-2022-4974-ff9293ba28748efa2ab9a2fe77385468.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.3 cve-id: CVE-2022-4974 metadata: - fofa-query: "wp-content/plugins/past-events-extension/" - google-query: inurl:"/wp-content/plugins/past-events-extension/" + fofa-query: "wp-content/plugins/upfiv-complete-all-in-one-seo-wizard/" + google-query: inurl:"/wp-content/plugins/upfiv-complete-all-in-one-seo-wizard/" shodan-query: 'vuln:CVE-2022-4974' - tags: cve,wordpress,wp-plugin,past-events-extension,medium + tags: cve,wordpress,wp-plugin,upfiv-complete-all-in-one-seo-wizard,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/past-events-extension/readme.txt" + - "{{BaseURL}}/wp-content/plugins/upfiv-complete-all-in-one-seo-wizard/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "past-events-extension" + - "upfiv-complete-all-in-one-seo-wizard" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-0065-b475db76f11c4260b23d8bd3535b6728.yaml b/nuclei-templates/2023/CVE-2023-0065-b475db76f11c4260b23d8bd3535b6728.yaml index 2277e1bed3..0e081c78ef 100644 --- a/nuclei-templates/2023/CVE-2023-0065-b475db76f11c4260b23d8bd3535b6728.yaml +++ b/nuclei-templates/2023/CVE-2023-0065-b475db76f11c4260b23d8bd3535b6728.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The i2 Pros & Cons is vulnerable to stored Cross-Site Scripting in versions up to, and including, i2 Pros & Cons, via the 'i2_pros_and_cons' shortcode. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The i2 Pros & Cons is vulnerable to stored Cross-Site Scripting in versions up to, and including, 1.3.1, via the 'i2_pros_and_cons' shortcode. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.  reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dae870-9b5f-47ef-b8b2-23fac613ec00?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-0152-62af6d4201589a62691f77b8d43cd603.yaml b/nuclei-templates/2023/CVE-2023-0152-62af6d4201589a62691f77b8d43cd603.yaml index 38a593fa07..48e67c0c93 100644 --- a/nuclei-templates/2023/CVE-2023-0152-62af6d4201589a62691f77b8d43cd603.yaml +++ b/nuclei-templates/2023/CVE-2023-0152-62af6d4201589a62691f77b8d43cd603.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-0152-62af6d4201589a62691f77b8d43cd603 info: name: > - WP Multi Store Locator <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + WP Multi Store Locator <= 2.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9da31ff-4173-4aee-a3a6-8eebaa0d71ab?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.4') \ No newline at end of file + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-0176-707be8e5941091fe04ef619490911b06.yaml b/nuclei-templates/2023/CVE-2023-0176-707be8e5941091fe04ef619490911b06.yaml index b4a91e540f..39867fbc46 100644 --- a/nuclei-templates/2023/CVE-2023-0176-707be8e5941091fe04ef619490911b06.yaml +++ b/nuclei-templates/2023/CVE-2023-0176-707be8e5941091fe04ef619490911b06.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page + The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e7460b-1ed4-4ff7-89c7-0bd2658a800d?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-0270-6251828a5c8edb9ab81a85536a1bb806.yaml b/nuclei-templates/2023/CVE-2023-0270-6251828a5c8edb9ab81a85536a1bb806.yaml index 6ac457ced1..0afc737ad4 100644 --- a/nuclei-templates/2023/CVE-2023-0270-6251828a5c8edb9ab81a85536a1bb806.yaml +++ b/nuclei-templates/2023/CVE-2023-0270-6251828a5c8edb9ab81a85536a1bb806.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The YaMaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page + The YaMaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 0.6.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1056804b-c317-4b9f-85ce-41b4ed0ac40a?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-0503-802d46a05f8194a49e58fa462149b429.yaml b/nuclei-templates/2023/CVE-2023-0503-802d46a05f8194a49e58fa462149b429.yaml index 52ee1e12ef..cc66ea3f83 100644 --- a/nuclei-templates/2023/CVE-2023-0503-802d46a05f8194a49e58fa462149b429.yaml +++ b/nuclei-templates/2023/CVE-2023-0503-802d46a05f8194a49e58fa462149b429.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.7. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins already installed (but deactivated) on the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins already installed (but deactivated) on the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-0551-528d4f2ab3335c701e71a7525ee45dc1.yaml b/nuclei-templates/2023/CVE-2023-0551-528d4f2ab3335c701e71a7525ee45dc1.yaml index 34a669760b..07182065b3 100644 --- a/nuclei-templates/2023/CVE-2023-0551-528d4f2ab3335c701e71a7525ee45dc1.yaml +++ b/nuclei-templates/2023/CVE-2023-0551-528d4f2ab3335c701e71a7525ee45dc1.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-0551-528d4f2ab3335c701e71a7525ee45dc1 info: name: > - REST API TO MiniProgram <= 4.6.8 - Authenticated (Subscriber+) Media Attachment Deletion + REST API TO MiniProgram <= 4.7.7 - Authenticated (Subscriber+) Media Attachment Deletion author: topscoder severity: low description: > - The REST API TO MiniProgram plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the file_batch_delete_callback() function used to delete uploaded attachments in versions up to, and including, 4.6.8. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete arbitrary media files on a WordPress site. + The REST API TO MiniProgram plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the file_batch_delete_callback() function used to delete uploaded attachments in versions up to, and including, 4.7.7. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete arbitrary media files on a WordPress site. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/941cf3f8-20a0-4d41-8fce-1554653d98da?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.6.8') \ No newline at end of file + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-0865-3774a92ad1d0f8c8834f7cce046be50b.yaml b/nuclei-templates/2023/CVE-2023-0865-3774a92ad1d0f8c8834f7cce046be50b.yaml index eb27b8f203..af91959892 100644 --- a/nuclei-templates/2023/CVE-2023-0865-3774a92ad1d0f8c8834f7cce046be50b.yaml +++ b/nuclei-templates/2023/CVE-2023-0865-3774a92ad1d0f8c8834f7cce046be50b.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.3 cve-id: CVE-2023-0865 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-0865-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-0865-1/" + fofa-query: "wp-content/plugins/woocommerce-multiple-customer-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-multiple-customer-addresses/" shodan-query: 'vuln:CVE-2023-0865' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-0865-1,low + tags: cve,wordpress,wp-plugin,woocommerce-multiple-customer-addresses,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-0865-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/woocommerce-multiple-customer-addresses/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-0865-1" + - "woocommerce-multiple-customer-addresses" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-1069-455f5ba6209fe51a3f211e50b4824678.yaml b/nuclei-templates/2023/CVE-2023-1069-455f5ba6209fe51a3f211e50b4824678.yaml index b7c0a93710..30d66c2249 100644 --- a/nuclei-templates/2023/CVE-2023-1069-455f5ba6209fe51a3f211e50b4824678.yaml +++ b/nuclei-templates/2023/CVE-2023-1069-455f5ba6209fe51a3f211e50b4824678.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-1069 metadata: - fofa-query: "wp-content/plugins/complianz-gdpr/" - google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + fofa-query: "wp-content/plugins/complianz-gdpr-premium/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/" shodan-query: 'vuln:CVE-2023-1069' - tags: cve,wordpress,wp-plugin,complianz-gdpr,low + tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt" extractors: - type: regex 
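Review bot: The rewritten `tags` line in the CVE-2023-0865 hunk still ends in `low` although the context just above it shows `cvss-score: 6.3`, which falls in the CVSS v3 medium band (4.0–6.9); the new Freemius templates in this same commit carry `medium` for the same score. Since the line is being touched anyway, I would write `tags: cve,wordpress,wp-plugin,woocommerce-multiple-customer-addresses,medium`, and check the `severity:` field, which lies outside the hunk. The CVE-2023-1069 hunk (score 6.4, tag `low`) and the CVE-2023-2261 hunk (score 4.3, tag `low`, while CVE-2023-2286 with the same score is tagged `medium`) have the same mismatch. If the generator deliberately lowers severity for authenticated issues, a comment saying so would prevent scan filters keyed on severity from being misread.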
@@ -51,7 +51,7 @@ http: - type: word words: - - "complianz-gdpr" + - "complianz-gdpr-premium" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-1661-0b5896864286cc6fa5465f28cf6090ab.yaml b/nuclei-templates/2023/CVE-2023-1661-0b5896864286cc6fa5465f28cf6090ab.yaml index 7ff62b175e..be66b106a9 100644 --- a/nuclei-templates/2023/CVE-2023-1661-0b5896864286cc6fa5465f28cf6090ab.yaml +++ b/nuclei-templates/2023/CVE-2023-1661-0b5896864286cc6fa5465f28cf6090ab.yaml @@ -2,11 +2,11 @@ id: CVE-2023-1661-0b5896864286cc6fa5465f28cf6090ab info: name: > - Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting + Display post meta, term meta, comment meta, and user meta <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f90c0d8-ede6-4f24-870f-19e888238e93?source=api-prod 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 0.4.1') \ No newline at end of file + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-2261-90ae1f55075c2972f8fcd052e4b85e24.yaml b/nuclei-templates/2023/CVE-2023-2261-90ae1f55075c2972f8fcd052e4b85e24.yaml index 769eac165a..5f607bd386 100644 --- a/nuclei-templates/2023/CVE-2023-2261-90ae1f55075c2972f8fcd052e4b85e24.yaml +++ b/nuclei-templates/2023/CVE-2023-2261-90ae1f55075c2972f8fcd052e4b85e24.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2023-2261 metadata: - fofa-query: "wp-content/plugins/wp-security-audit-log/" - google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" shodan-query: 'vuln:CVE-2023-2261' - tags: cve,wordpress,wp-plugin,wp-security-audit-log,low + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-security-audit-log" + - "wp-security-audit-log-premium" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2286-442f21255ec5643d1c3676a0d2d14f8a.yaml b/nuclei-templates/2023/CVE-2023-2286-442f21255ec5643d1c3676a0d2d14f8a.yaml index b44d9752aa..267fe8e84e 100644 --- a/nuclei-templates/2023/CVE-2023-2286-442f21255ec5643d1c3676a0d2d14f8a.yaml +++ b/nuclei-templates/2023/CVE-2023-2286-442f21255ec5643d1c3676a0d2d14f8a.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2023-2286 metadata: - fofa-query: "wp-content/plugins/wp-security-audit-log/" - google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" shodan-query: 'vuln:CVE-2023-2286' - tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-security-audit-log" + - "wp-security-audit-log-premium" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2362-0e7c35a65d0d7880b28f164436f36c31.yaml b/nuclei-templates/2023/CVE-2023-2362-0e7c35a65d0d7880b28f164436f36c31.yaml new file mode 100644 index 0000000000..ccc3f54784 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-2362-0e7c35a65d0d7880b28f164436f36c31.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-2362-0e7c35a65d0d7880b28f164436f36c31 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-2362-3abb7adfdb343aaeb2de2e076bccbc3b.yaml b/nuclei-templates/2023/CVE-2023-2362-3abb7adfdb343aaeb2de2e076bccbc3b.yaml new file mode 100644 index 0000000000..36c0408e2a --- /dev/null 
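Review bot: The `word` matcher requires the literal slug `button-generation` in the body of readme.txt, but a plugin readme is not obliged to contain its own slug, so under `matchers-condition: and` an affected install can go unreported. The request path already pins the plugin, and the dsl matcher can only succeed once `Stable tag: ([0-9.]+)` has been extracted, so a soft-404 page is presumably excluded without the slug check; matching on a readme marker, e.g. `- "Stable tag:"`, would be the safer guard. A readme with `Stable tag: trunk` yields no `version` at all and should be documented as a known blind spot. The other CVE-2023-2362 templates added here (counter-box, calculator-builder, profit-button, sticky-buttons, wp-coder, bubble-menu) use the same matcher.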
+++ b/nuclei-templates/2023/CVE-2023-2362-3abb7adfdb343aaeb2de2e076bccbc3b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-2362-3abb7adfdb343aaeb2de2e076bccbc3b + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/counter-box/" + google-query: inurl:"/wp-content/plugins/counter-box/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,counter-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-2362-40df26d5e5a6085ee6a9741287d50ca6.yaml b/nuclei-templates/2023/CVE-2023-2362-40df26d5e5a6085ee6a9741287d50ca6.yaml new file mode 100644 index 0000000000..8195aa42a2 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-2362-40df26d5e5a6085ee6a9741287d50ca6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-2362-40df26d5e5a6085ee6a9741287d50ca6 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/calculator-builder/" + google-query: inurl:"/wp-content/plugins/calculator-builder/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,calculator-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculator-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculator-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-2362-5ac4da32e1f61c729261e90ccc1a4b4c.yaml b/nuclei-templates/2023/CVE-2023-2362-5ac4da32e1f61c729261e90ccc1a4b4c.yaml new file mode 100644 index 0000000000..f7eabba0da --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-2362-5ac4da32e1f61c729261e90ccc1a4b4c.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-2362-5ac4da32e1f61c729261e90ccc1a4b4c + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/profit-button/" + google-query: inurl:"/wp-content/plugins/profit-button/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,profit-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-2362-75675a45c5019d3a358652d57f306082.yaml b/nuclei-templates/2023/CVE-2023-2362-75675a45c5019d3a358652d57f306082.yaml new file mode 100644 index 0000000000..d1a3c81618 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-2362-75675a45c5019d3a358652d57f306082.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-2362-75675a45c5019d3a358652d57f306082 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/sticky-buttons/" + google-query: inurl:"/wp-content/plugins/sticky-buttons/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,sticky-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-2362-8ef0496d338e743a3fdcaba0426cff19.yaml b/nuclei-templates/2023/CVE-2023-2362-8ef0496d338e743a3fdcaba0426cff19.yaml new file mode 100644 index 0000000000..8dd2dc8d99 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-2362-8ef0496d338e743a3fdcaba0426cff19.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-2362-8ef0496d338e743a3fdcaba0426cff19 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-2362 + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:CVE-2023-2362' + tags: cve,wordpress,wp-plugin,wp-coder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-2362-d4988d4d348a2e66d0692c78962acb15.yaml b/nuclei-templates/2023/CVE-2023-2362-d4988d4d348a2e66d0692c78962acb15.yaml index 7be995f909..aefcda5010 100644 
--- a/nuclei-templates/2023/CVE-2023-2362-d4988d4d348a2e66d0692c78962acb15.yaml +++ b/nuclei-templates/2023/CVE-2023-2362-d4988d4d348a2e66d0692c78962acb15.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2362 metadata: - fofa-query: "wp-content/plugins/mwp-skype/" - google-query: inurl:"/wp-content/plugins/mwp-skype/" + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" shodan-query: 'vuln:CVE-2023-2362' - tags: cve,wordpress,wp-plugin,mwp-skype,medium + tags: cve,wordpress,wp-plugin,side-menu-lite,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/mwp-skype/readme.txt" + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "mwp-skype" + - "side-menu-lite" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2362-e3cefdeb0b536585b6128ca9b135f59f.yaml b/nuclei-templates/2023/CVE-2023-2362-e3cefdeb0b536585b6128ca9b135f59f.yaml new file mode 100644 index 0000000000..bc6fc2ef54 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-2362-e3cefdeb0b536585b6128ca9b135f59f.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-2362-e3cefdeb0b536585b6128ca9b135f59f
+
+info:
+ name: >
+ Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter
+ author: topscoder
+ severity: medium
+ description: >
+ Several plugins by Wow-Company are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-2362
+ metadata:
+ fofa-query: "wp-content/plugins/bubble-menu/"
+ google-query: inurl:"/wp-content/plugins/bubble-menu/"
+ shodan-query: 'vuln:CVE-2023-2362'
+ tags: cve,wordpress,wp-plugin,bubble-menu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bubble-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bubble-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2407-99b7693ca225acd68f2de34853ba5b24.yaml b/nuclei-templates/2023/CVE-2023-2407-99b7693ca225acd68f2de34853ba5b24.yaml
index 6b4e0d3bcd..b4c292beba 100644
--- a/nuclei-templates/2023/CVE-2023-2407-99b7693ca225acd68f2de34853ba5b24.yaml +++ b/nuclei-templates/2023/CVE-2023-2407-99b7693ca225acd68f2de34853ba5b24.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2407 metadata: - fofa-query: "wp-content/plugins/event-registration-calendar-by-vcita/" - google-query: inurl:"/wp-content/plugins/event-registration-calendar-by-vcita/" + fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/" + google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/" shodan-query: 'vuln:CVE-2023-2407' - tags: cve,wordpress,wp-plugin,event-registration-calendar-by-vcita,medium + tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/event-registration-calendar-by-vcita/readme.txt" + - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "event-registration-calendar-by-vcita" + - "paypal-payment-button-by-vcita" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.3.1') \ No newline at end of file + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-25025-15a400d0600c577acb4c60d679a71b65.yaml b/nuclei-templates/2023/CVE-2023-25025-15a400d0600c577acb4c60d679a71b65.yaml index 280795d9bb..a902eb07da 100644 --- a/nuclei-templates/2023/CVE-2023-25025-15a400d0600c577acb4c60d679a71b65.yaml +++ b/nuclei-templates/2023/CVE-2023-25025-15a400d0600c577acb4c60d679a71b65.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The WP-CopyProtect [Protect your blog posts] plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the CopyProtect_options_page function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The WP-CopyProtect [Protect your blog posts] plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the CopyProtect_options_page function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-37995 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6461a8f-297e-49ad-aa9b-9379f0984423?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-25989-4fa3ab92f63b3cc767ead30644947c1d.yaml b/nuclei-templates/2023/CVE-2023-25989-4fa3ab92f63b3cc767ead30644947c1d.yaml new file mode 100644 index 0000000000..6e83e25dc0 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-25989-4fa3ab92f63b3cc767ead30644947c1d.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-4fa3ab92f63b3cc767ead30644947c1d
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-smart-social-widget/"
+ google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-smart-social-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-smart-social-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-57834a49184fc5dde4d08086c0e8c607.yaml b/nuclei-templates/2023/CVE-2023-25989-57834a49184fc5dde4d08086c0e8c607.yaml
new file mode 100644
index 0000000000..98e8399a65
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-57834a49184fc5dde4d08086c0e8c607.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-57834a49184fc5dde4d08086c0e8c607
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-smart-author-widget/"
+ google-query: inurl:"/wp-content/plugins/meks-smart-author-widget/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-smart-author-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-smart-author-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-smart-author-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.3')
\ No newline at end of file
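Review bot: `name` and `description` still describe "Meks Smart Social Widget <= 1.6", while this template probes `meks-smart-author-widget` and matches on `<= 1.1.3`, so a hit is reported under another plugin's name and version. Putting the probed slug and bound in the title keeps scan output triageable, e.g. `meks-smart-author-widget <= 1.1.3 - Cross-Site Request Forgery via meks_remove_notification`, with the plugin name and version in the description adjusted to match. The sibling templates in this commit for meks-easy-ads-widget, meks-easy-instagram-widget, meks-video-importer, meks-easy-maps, meks-time-ago and meks-themeforest-smart-widget carry the same mismatch.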
diff --git a/nuclei-templates/2023/CVE-2023-25989-5a05ebeb568fba99e28ef693beeb5589.yaml b/nuclei-templates/2023/CVE-2023-25989-5a05ebeb568fba99e28ef693beeb5589.yaml
new file mode 100644
index 0000000000..4345a6c34f
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-5a05ebeb568fba99e28ef693beeb5589.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-5a05ebeb568fba99e28ef693beeb5589
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-easy-ads-widget/"
+ google-query: inurl:"/wp-content/plugins/meks-easy-ads-widget/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-easy-ads-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-easy-ads-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-easy-ads-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-7847475c0f23cf8dbd654428178c7479.yaml b/nuclei-templates/2023/CVE-2023-25989-7847475c0f23cf8dbd654428178c7479.yaml
new file mode 100644
index 0000000000..1bc5c91642
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-7847475c0f23cf8dbd654428178c7479.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-7847475c0f23cf8dbd654428178c7479
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-easy-instagram-widget/"
+ google-query: inurl:"/wp-content/plugins/meks-easy-instagram-widget/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-easy-instagram-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-easy-instagram-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-easy-instagram-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-ac1b7ae6e4b5bdf225a4802ac39dacb8.yaml b/nuclei-templates/2023/CVE-2023-25989-ac1b7ae6e4b5bdf225a4802ac39dacb8.yaml
new file mode 100644
index 0000000000..fc73769bb3
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-ac1b7ae6e4b5bdf225a4802ac39dacb8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-ac1b7ae6e4b5bdf225a4802ac39dacb8
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-video-importer/"
+ google-query: inurl:"/wp-content/plugins/meks-video-importer/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-video-importer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-video-importer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-video-importer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.10')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-bbb2b47475726608762074a5fa082d13.yaml b/nuclei-templates/2023/CVE-2023-25989-bbb2b47475726608762074a5fa082d13.yaml index d58f9f615c..e6a982d5fd 100644 --- a/nuclei-templates/2023/CVE-2023-25989-bbb2b47475726608762074a5fa082d13.yaml +++ b/nuclei-templates/2023/CVE-2023-25989-bbb2b47475726608762074a5fa082d13.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2023-25989 metadata: - fofa-query: "wp-content/plugins/meks-audio-player/" - google-query: inurl:"/wp-content/plugins/meks-audio-player/" + fofa-query: "wp-content/plugins/meks-simple-flickr-widget/" + google-query: inurl:"/wp-content/plugins/meks-simple-flickr-widget/" shodan-query: 'vuln:CVE-2023-25989' - tags: cve,wordpress,wp-plugin,meks-audio-player,medium + tags: cve,wordpress,wp-plugin,meks-simple-flickr-widget,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/meks-audio-player/readme.txt" + - "{{BaseURL}}/wp-content/plugins/meks-simple-flickr-widget/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "meks-audio-player" + - "meks-simple-flickr-widget" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-25989-d7a83a933e2341baf085d4a0a8ec0a94.yaml b/nuclei-templates/2023/CVE-2023-25989-d7a83a933e2341baf085d4a0a8ec0a94.yaml new file mode 100644 index 0000000000..3cf8eae2dc --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-25989-d7a83a933e2341baf085d4a0a8ec0a94.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-d7a83a933e2341baf085d4a0a8ec0a94
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-easy-maps/"
+ google-query: inurl:"/wp-content/plugins/meks-easy-maps/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-easy-maps,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-easy-maps/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-easy-maps"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-e97b7071b300a324810416b4a7b0af4c.yaml b/nuclei-templates/2023/CVE-2023-25989-e97b7071b300a324810416b4a7b0af4c.yaml
new file mode 100644
index 0000000000..4ba5b4278b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-e97b7071b300a324810416b4a7b0af4c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-e97b7071b300a324810416b4a7b0af4c
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-time-ago/"
+ google-query: inurl:"/wp-content/plugins/meks-time-ago/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-time-ago,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-time-ago/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-time-ago"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-25989-ea0d063cd2ccf4482507b808b26a8fbf.yaml b/nuclei-templates/2023/CVE-2023-25989-ea0d063cd2ccf4482507b808b26a8fbf.yaml
new file mode 100644
index 0000000000..6c58ebbeef
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-25989-ea0d063cd2ccf4482507b808b26a8fbf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-25989-ea0d063cd2ccf4482507b808b26a8fbf
+
+info:
+ name: >
+ Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
+ author: topscoder
+ severity: medium
+ description: >
+ The Meks Smart Social Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the meks_remove_notification function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2023-25989
+ metadata:
+ fofa-query: "wp-content/plugins/meks-themeforest-smart-widget/"
+ google-query: inurl:"/wp-content/plugins/meks-themeforest-smart-widget/"
+ shodan-query: 'vuln:CVE-2023-25989'
+ tags: cve,wordpress,wp-plugin,meks-themeforest-smart-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meks-themeforest-smart-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meks-themeforest-smart-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2688-30c516f6ea23084782d4d62d34e2fbac.yaml b/nuclei-templates/2023/CVE-2023-2688-30c516f6ea23084782d4d62d34e2fbac.yaml index b08c601564..49b9d945ad 100644 --- a/nuclei-templates/2023/CVE-2023-2688-30c516f6ea23084782d4d62d34e2fbac.yaml +++ b/nuclei-templates/2023/CVE-2023-2688-30c516f6ea23084782d4d62d34e2fbac.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.9 cve-id: CVE-2023-2688 metadata: - fofa-query: "wp-content/plugins/wp-file-upload/" - google-query: inurl:"/wp-content/plugins/wp-file-upload/" + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" shodan-query: 'vuln:CVE-2023-2688' - tags: cve,wordpress,wp-plugin,wp-file-upload,low + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-file-upload" + - "wordpress-file-upload-pro" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2767-b859bd512d3b4d4962d3635dfc8a8f00.yaml b/nuclei-templates/2023/CVE-2023-2767-b859bd512d3b4d4962d3635dfc8a8f00.yaml index 2bcba7f8b2..f2eefc8aaa 100644 --- a/nuclei-templates/2023/CVE-2023-2767-b859bd512d3b4d4962d3635dfc8a8f00.yaml +++ b/nuclei-templates/2023/CVE-2023-2767-b859bd512d3b4d4962d3635dfc8a8f00.yaml 
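Review bot: The rewritten `tags` line keeps `low` although the context line above it shows `cvss-score: 4.9`, which falls in the CVSS v3 medium band (4.0 to 6.9). Anyone selecting or filtering templates by the severity tag would put this finding in the wrong bucket; `tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,medium` would agree with the score. The `severity:` key sits above the hunk, so it should be checked against the score as well. The same `low` tag appears next to `cvss-score: 4.4` in the CVE-2023-2767 change and next to `6.4` in the CVE-2023-27923 and CVE-2023-27925 changes.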
@@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2023-2767 metadata: - fofa-query: "wp-content/plugins/wp-file-upload/" - google-query: inurl:"/wp-content/plugins/wp-file-upload/" + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" shodan-query: 'vuln:CVE-2023-2767' - tags: cve,wordpress,wp-plugin,wp-file-upload,low + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "wp-file-upload" + - "wordpress-file-upload-pro" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-27923-2bb89c8f88a3cf36ceb786691a661696.yaml b/nuclei-templates/2023/CVE-2023-27923-2bb89c8f88a3cf36ceb786691a661696.yaml index 3a4e9b71a6..8fdd01aa32 100644 --- a/nuclei-templates/2023/CVE-2023-27923-2bb89c8f88a3cf36ceb786691a661696.yaml +++ b/nuclei-templates/2023/CVE-2023-27923-2bb89c8f88a3cf36ceb786691a661696.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-27923 metadata: - fofa-query: "wp-content/plugins/vk-blocks-pro/" - google-query: inurl:"/wp-content/plugins/vk-blocks-pro/" + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" shodan-query: 'vuln:CVE-2023-27923' - tags: cve,wordpress,wp-plugin,vk-blocks-pro,low + tags: cve,wordpress,wp-plugin,vk-blocks,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "vk-blocks-pro" + - "vk-blocks" part: body - type: dsl 
diff --git a/nuclei-templates/2023/CVE-2023-27925-e2fe1d10c219fa16d61a2142986cb16a.yaml b/nuclei-templates/2023/CVE-2023-27925-e2fe1d10c219fa16d61a2142986cb16a.yaml index bd7f2508c2..bd8a1246b2 100644 --- a/nuclei-templates/2023/CVE-2023-27925-e2fe1d10c219fa16d61a2142986cb16a.yaml +++ b/nuclei-templates/2023/CVE-2023-27925-e2fe1d10c219fa16d61a2142986cb16a.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-27925 metadata: - fofa-query: "wp-content/plugins/vk-blocks-pro/" - google-query: inurl:"/wp-content/plugins/vk-blocks-pro/" + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" shodan-query: 'vuln:CVE-2023-27925' - tags: cve,wordpress,wp-plugin,vk-blocks-pro,low + tags: cve,wordpress,wp-plugin,vk-blocks,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "vk-blocks-pro" + - "vk-blocks" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2813-2fcf7acf75bdc8e28e0d9d15ce1fe4c0.yaml b/nuclei-templates/2023/CVE-2023-2813-2fcf7acf75bdc8e28e0d9d15ce1fe4c0.yaml index 943e638137..81985084bd 100644 --- a/nuclei-templates/2023/CVE-2023-2813-2fcf7acf75bdc8e28e0d9d15ce1fe4c0.yaml +++ b/nuclei-templates/2023/CVE-2023-2813-2fcf7acf75bdc8e28e0d9d15ce1fe4c0.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2813 metadata: - fofa-query: "wp-content/themes/anfaust/" - google-query: inurl:"/wp-content/themes/anfaust/" + fofa-query: "wp-content/themes/aapna/" + google-query: inurl:"/wp-content/themes/aapna/" shodan-query: 'vuln:CVE-2023-2813' - tags: cve,wordpress,wp-theme,anfaust,medium + tags: cve,wordpress,wp-theme,aapna,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/anfaust/style.css" + - "{{BaseURL}}/wp-content/themes/aapna/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "anfaust" + - "aapna" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-2813-943455ab2c284ade665b5dcf4b757d8d.yaml b/nuclei-templates/2023/CVE-2023-2813-943455ab2c284ade665b5dcf4b757d8d.yaml new file mode 100644 index 0000000000..c027d1346f --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-2813-943455ab2c284ade665b5dcf4b757d8d.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-2813-943455ab2c284ade665b5dcf4b757d8d
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the search field in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-2813
+ metadata:
+ fofa-query: "wp-content/themes/bazaar-lite/"
+ google-query: inurl:"/wp-content/themes/bazaar-lite/"
+ shodan-query: 'vuln:CVE-2023-2813'
+ tags: cve,wordpress,wp-theme,bazaar-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/bazaar-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bazaar-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.8.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2813-a6a99722ca268c1e8e646cf0a731a17f.yaml b/nuclei-templates/2023/CVE-2023-2813-a6a99722ca268c1e8e646cf0a731a17f.yaml
new file mode 100644
index 0000000000..1693a56367
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-2813-a6a99722ca268c1e8e646cf0a731a17f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-2813-a6a99722ca268c1e8e646cf0a731a17f
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the search field in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-2813
+ metadata:
+ fofa-query: "wp-content/themes/cafe-bistro/"
+ google-query: inurl:"/wp-content/themes/cafe-bistro/"
+ shodan-query: 'vuln:CVE-2023-2813'
+ tags: cve,wordpress,wp-theme,cafe-bistro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/cafe-bistro/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cafe-bistro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2813-ac81b30542ef7cbc9416ebb2ae7cd9fa.yaml b/nuclei-templates/2023/CVE-2023-2813-ac81b30542ef7cbc9416ebb2ae7cd9fa.yaml
new file mode 100644
index 0000000000..ccf55a4e0a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-2813-ac81b30542ef7cbc9416ebb2ae7cd9fa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-2813-ac81b30542ef7cbc9416ebb2ae7cd9fa
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the search field in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-2813
+ metadata:
+ fofa-query: "wp-content/themes/arendelle/"
+ google-query: inurl:"/wp-content/themes/arendelle/"
+ shodan-query: 'vuln:CVE-2023-2813'
+ tags: cve,wordpress,wp-theme,arendelle,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/arendelle/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arendelle"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-2813-d0089edca3bdcde2f8599d1d77504705.yaml b/nuclei-templates/2023/CVE-2023-2813-d0089edca3bdcde2f8599d1d77504705.yaml
new file mode 100644
index 0000000000..23d279b07e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-2813-d0089edca3bdcde2f8599d1d77504705.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-2813-d0089edca3bdcde2f8599d1d77504705
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the search field in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-2813
+ metadata:
+ fofa-query: "wp-content/themes/bunnypresslite/"
+ google-query: inurl:"/wp-content/themes/bunnypresslite/"
+ shodan-query: 'vuln:CVE-2023-2813'
+ tags: cve,wordpress,wp-theme,bunnypresslite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/bunnypresslite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bunnypresslite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28170-3dac274111390979a9165522042fba57.yaml b/nuclei-templates/2023/CVE-2023-28170-3dac274111390979a9165522042fba57.yaml index 40d41972c7..ce4a9e2b48 100644 --- a/nuclei-templates/2023/CVE-2023-28170-3dac274111390979a9165522042fba57.yaml +++ b/nuclei-templates/2023/CVE-2023-28170-3dac274111390979a9165522042fba57.yaml @@ -2,11 +2,11 @@ id: CVE-2023-28170-3dac274111390979a9165522042fba57 info: name: > - Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload + Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload author: topscoder severity: low description: > - The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 1.1.1. This makes it possible for authenticated attackers with administrator privileges to upload arbitrary files on the affected site's server which may make remote code execution possible. + The Theme Demo Import plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator privileges to upload arbitrary files on the affected site's server which may make remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/186180ed-321f-4618-8828-65b93fa054a4?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.1') \ No newline at end of file + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-28490-a3d69054bc38af3766bbfa5a8ae17557.yaml b/nuclei-templates/2023/CVE-2023-28490-a3d69054bc38af3766bbfa5a8ae17557.yaml index 0a798a643d..041f8ed9ce 100644 --- a/nuclei-templates/2023/CVE-2023-28490-a3d69054bc38af3766bbfa5a8ae17557.yaml 
+++ b/nuclei-templates/2023/CVE-2023-28490-a3d69054bc38af3766bbfa5a8ae17557.yaml @@ -2,11 +2,11 @@ id: CVE-2023-28490-a3d69054bc38af3766bbfa5a8ae17557 info: name: > - WordPress Mortgage Calculator Estatik <= 2.0.7 - Reflected Cross-Site Scripting + WordPress Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting author: topscoder severity: medium description: > - The WordPress Mortgage Calculator Estatik plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The WordPress Mortgage Calculator Estatik plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.0.7') \ No newline at end of file + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-28621-daf9d21a86b05476c6f1c0a1c4e68953.yaml b/nuclei-templates/2023/CVE-2023-28621-daf9d21a86b05476c6f1c0a1c4e68953.yaml index 920fb656c9..67d0917f7c 100644 --- a/nuclei-templates/2023/CVE-2023-28621-daf9d21a86b05476c6f1c0a1c4e68953.yaml +++ b/nuclei-templates/2023/CVE-2023-28621-daf9d21a86b05476c6f1c0a1c4e68953.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-28621 metadata: - fofa-query: "wp-content/themes/raise-mag/" - google-query: inurl:"/wp-content/themes/raise-mag/" + fofa-query: "wp-content/themes/wishful-blog/" + google-query: inurl:"/wp-content/themes/wishful-blog/" shodan-query: 'vuln:CVE-2023-28621' - tags: cve,wordpress,wp-theme,raise-mag,high + tags: cve,wordpress,wp-theme,wishful-blog,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/raise-mag/style.css" + - "{{BaseURL}}/wp-content/themes/wishful-blog/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "raise-mag" + - "wishful-blog" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.7') \ No newline at end of file + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-28687-17befc61d6e89ec03abb594bda84e1f3.yaml b/nuclei-templates/2023/CVE-2023-28687-17befc61d6e89ec03abb594bda84e1f3.yaml new file mode 100644 index 0000000000..c7c868cb4e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-28687-17befc61d6e89ec03abb594bda84e1f3.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-28687-17befc61d6e89ec03abb594bda84e1f3
+
+info:
+ name: >
+ Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The Cream Blog theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-28687
+ metadata:
+ fofa-query: "wp-content/themes/fascinate/"
+ google-query: inurl:"/wp-content/themes/fascinate/"
+ shodan-query: 'vuln:CVE-2023-28687'
+ tags: cve,wordpress,wp-theme,fascinate,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/fascinate/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fascinate"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28687-5b5b1515fb1f47493dcbc4b54904cc5f.yaml b/nuclei-templates/2023/CVE-2023-28687-5b5b1515fb1f47493dcbc4b54904cc5f.yaml
new file mode 100644
index 0000000000..64a79c4b8c
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-28687-5b5b1515fb1f47493dcbc4b54904cc5f.yaml
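Review bot: The `description` in the new fascinate template names the Cream Blog theme and version 2.1.3, while the request path, word matcher and `compare_versions(version, '<= 1.0.8')` all target `fascinate`, and the `name` additionally says "(All Versions)". Someone triaging a hit is told the wrong product and bound, so the description should follow the matcher, e.g. `The Fascinate theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.8 ...`. `severity: high` and the `high` tag also disagree with `cvss-score: 6.1`, which is a medium rating under CVSS 3.1; one of the two should be corrected, and the same mismatch is repeated in the cream-blog template added in the next file.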
@@ -0,0 +1,59 @@
+id: CVE-2023-28687-5b5b1515fb1f47493dcbc4b54904cc5f
+
+info:
+ name: >
+ Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The Cream Blog theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-28687
+ metadata:
+ fofa-query: "wp-content/themes/cream-blog/"
+ google-query: inurl:"/wp-content/themes/cream-blog/"
+ shodan-query: 'vuln:CVE-2023-28687'
+ tags: cve,wordpress,wp-theme,cream-blog,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/cream-blog/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cream-blog"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-28687-704e62cfdc939c1396437307da642111.yaml b/nuclei-templates/2023/CVE-2023-28687-704e62cfdc939c1396437307da642111.yaml
index f844213d0a..e9babdf63c 100644
--- a/nuclei-templates/2023/CVE-2023-28687-704e62cfdc939c1396437307da642111.yaml
+++ b/nuclei-templates/2023/CVE-2023-28687-704e62cfdc939c1396437307da642111.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-28687 metadata: - fofa-query: "wp-content/themes/everest-news/" - google-query: inurl:"/wp-content/themes/everest-news/" + fofa-query: "wp-content/themes/glaze-blog-lite/" + google-query: inurl:"/wp-content/themes/glaze-blog-lite/" shodan-query: 'vuln:CVE-2023-28687' - tags: cve,wordpress,wp-theme,everest-news,high + tags: cve,wordpress,wp-theme,glaze-blog-lite,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/everest-news/style.css" + - "{{BaseURL}}/wp-content/themes/glaze-blog-lite/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "everest-news" + - "glaze-blog-lite" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-3041-e2b755c80ce4d0d5be29017279377c6d.yaml b/nuclei-templates/2023/CVE-2023-3041-e2b755c80ce4d0d5be29017279377c6d.yaml index a6ddd2b3b8..61c00061f8 100644 --- a/nuclei-templates/2023/CVE-2023-3041-e2b755c80ce4d0d5be29017279377c6d.yaml +++ b/nuclei-templates/2023/CVE-2023-3041-e2b755c80ce4d0d5be29017279377c6d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-3041-e2b755c80ce4d0d5be29017279377c6d info: name: > - Autochat Automatic Conversation <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting + Autochat Automatic Conversation <= 1.1.9 - Unauthenticated Stored Cross-Site Scripting author: topscoder severity: high description: > - The Autochat Automatic Conversation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Autochat Automatic Conversation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad533d-4ec0-42a0-99fc-75fc59498c94?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.7') \ No newline at end of file + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-30480-fd9390194af9ea2eefec335991d1fe24.yaml b/nuclei-templates/2023/CVE-2023-30480-fd9390194af9ea2eefec335991d1fe24.yaml index 5bc0ac0a15..59039fe97d 100644 --- a/nuclei-templates/2023/CVE-2023-30480-fd9390194af9ea2eefec335991d1fe24.yaml +++ b/nuclei-templates/2023/CVE-2023-30480-fd9390194af9ea2eefec335991d1fe24.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Educenter theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via and AJAX action in versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. + The Educenter theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via an AJAX action in versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/344ad959-038a-46d1-b515-ae3473af8209?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-30500-c456fad8727a444d652a2c0ff57885b9.yaml b/nuclei-templates/2023/CVE-2023-30500-c456fad8727a444d652a2c0ff57885b9.yaml index 4c9a184130..8526cf254b 100644 --- a/nuclei-templates/2023/CVE-2023-30500-c456fad8727a444d652a2c0ff57885b9.yaml +++ b/nuclei-templates/2023/CVE-2023-30500-c456fad8727a444d652a2c0ff57885b9.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-30500 metadata: - fofa-query: "wp-content/plugins/wpforms-lite/" - google-query: inurl:"/wp-content/plugins/wpforms-lite/" + fofa-query: "wp-content/plugins/wpforms/" + google-query: inurl:"/wp-content/plugins/wpforms/" shodan-query: 'vuln:CVE-2023-30500' - tags: cve,wordpress,wp-plugin,wpforms-lite,medium + tags: cve,wordpress,wp-plugin,wpforms,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/wpforms-lite/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wpforms/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "wpforms-lite" + - "wpforms" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-30777-6ba9a886f8cf569f9e4ff14279a528a4.yaml b/nuclei-templates/2023/CVE-2023-30777-6ba9a886f8cf569f9e4ff14279a528a4.yaml index e469495e93..39465b340c 100644 --- a/nuclei-templates/2023/CVE-2023-30777-6ba9a886f8cf569f9e4ff14279a528a4.yaml +++ b/nuclei-templates/2023/CVE-2023-30777-6ba9a886f8cf569f9e4ff14279a528a4.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-30777 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2023-30777' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-30874-e6d219b149069b018d2e19e46a3f7e7b.yaml b/nuclei-templates/2023/CVE-2023-30874-e6d219b149069b018d2e19e46a3f7e7b.yaml index 158c328682..19633254da 100644 --- a/nuclei-templates/2023/CVE-2023-30874-e6d219b149069b018d2e19e46a3f7e7b.yaml +++ b/nuclei-templates/2023/CVE-2023-30874-e6d219b149069b018d2e19e46a3f7e7b.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-30874-e6d219b149069b018d2e19e46a3f7e7b info: name: > - GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + GPS Plotter <= 5.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The GPS Plotter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + The GPS Plotter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca449d15-b05e-4341-99b0-472a14cab8f4?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.2.0') \ No newline at end of file + - compare_versions(version, '<= 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-3092-8dc174711afbfce53b944dd2a53d2249.yaml b/nuclei-templates/2023/CVE-2023-3092-8dc174711afbfce53b944dd2a53d2249.yaml index 1e490e4e53..1afa215ea1 100644 --- a/nuclei-templates/2023/CVE-2023-3092-8dc174711afbfce53b944dd2a53d2249.yaml 
+++ b/nuclei-templates/2023/CVE-2023-3092-8dc174711afbfce53b944dd2a53d2249.yaml @@ -2,11 +2,11 @@ id: CVE-2023-3092-8dc174711afbfce53b944dd2a53d2249 info: name: > - SMTP Mail <= 1.3.21 - Unauthenticated Stored Cross-Site Scripting via Email Subject + SMTP Mail <= 1.3.38 - Unauthenticated Stored Cross-Site Scripting via Email Subject author: topscoder severity: high description: > - The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.38 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.21') \ No newline at end of file + - compare_versions(version, '<= 1.3.38') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-3093-c42e349ee609858d8640c9b64cb2edf9.yaml b/nuclei-templates/2023/CVE-2023-3093-c42e349ee609858d8640c9b64cb2edf9.yaml index 7dc84d52be..86ebacea7b 100644 --- a/nuclei-templates/2023/CVE-2023-3093-c42e349ee609858d8640c9b64cb2edf9.yaml +++ b/nuclei-templates/2023/CVE-2023-3093-c42e349ee609858d8640c9b64cb2edf9.yaml 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '2.4.5') \ No newline at end of file + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-31092-b857b1a4fbd8792a9aaa43fd0fabc1c8.yaml b/nuclei-templates/2023/CVE-2023-31092-b857b1a4fbd8792a9aaa43fd0fabc1c8.yaml index 409fc10ed5..88b8658da5 100644 --- a/nuclei-templates/2023/CVE-2023-31092-b857b1a4fbd8792a9aaa43fd0fabc1c8.yaml +++ b/nuclei-templates/2023/CVE-2023-31092-b857b1a4fbd8792a9aaa43fd0fabc1c8.yaml @@ -2,11 +2,11 @@ id: CVE-2023-31092-b857b1a4fbd8792a9aaa43fd0fabc1c8 info: name: > - Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection + Easy Bet <= 1.0.7 - Authenticated(Contributor+) SQL Injection author: topscoder severity: low description: > - The Easy Bet plugin for WordPress is vulnerable to generic SQL Injection via multiple parameters in versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions or above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Easy Bet plugin for WordPress is vulnerable to generic SQL Injection via multiple parameters in versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions or above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a833fe01-caf5-434a-82f9-8d3ac755a66f?source=api-prod 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.2') \ No newline at end of file + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-32119-579ff724a8e6efb5b0512edc7ca978a3.yaml b/nuclei-templates/2023/CVE-2023-32119-579ff724a8e6efb5b0512edc7ca978a3.yaml index 2e65c87b1f..99dc2586fd 100644 --- a/nuclei-templates/2023/CVE-2023-32119-579ff724a8e6efb5b0512edc7ca978a3.yaml +++ b/nuclei-templates/2023/CVE-2023-32119-579ff724a8e6efb5b0512edc7ca978a3.yaml @@ -4,7 +4,7 @@ info: name: > WPO365 | Mail Integration for Office 365 / Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description author: topscoder - severity: high + severity: medium description: > The WPO365 | Mail Integration for Office 365 / Outlook plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the ‘error_description’ parameter in versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/mail-integration-365/" google-query: inurl:"/wp-content/plugins/mail-integration-365/" shodan-query: 'vuln:CVE-2023-32119' - tags: cve,wordpress,wp-plugin,mail-integration-365,high + tags: cve,wordpress,wp-plugin,mail-integration-365,medium http: - method: GET diff --git a/nuclei-templates/2023/CVE-2023-3244-f0ccaed9953b8e44a25f437c5b62a00b.yaml b/nuclei-templates/2023/CVE-2023-3244-f0ccaed9953b8e44a25f437c5b62a00b.yaml index 9714c2d22e..674351226f 100644 --- a/nuclei-templates/2023/CVE-2023-3244-f0ccaed9953b8e44a25f437c5b62a00b.yaml +++ b/nuclei-templates/2023/CVE-2023-3244-f0ccaed9953b8e44a25f437c5b62a00b.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2023-3244 metadata: fofa-query: "wp-content/plugins/comments-like-dislike/" diff --git a/nuclei-templates/2023/CVE-2023-32959-5bfaa9453b647ce052ebaf06bb05b73d.yaml b/nuclei-templates/2023/CVE-2023-32959-5bfaa9453b647ce052ebaf06bb05b73d.yaml new file mode 100644 index 0000000000..5fa12f4873 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-32959-5bfaa9453b647ce052ebaf06bb05b73d.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-32959-5bfaa9453b647ce052ebaf06bb05b73d
+
+info:
+ name: >
+ Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-32959
+ metadata:
+ fofa-query: "wp-content/themes/sparklestore/"
+ google-query: inurl:"/wp-content/themes/sparklestore/"
+ shodan-query: 'vuln:CVE-2023-32959'
+ tags: cve,wordpress,wp-theme,sparklestore,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/sparklestore/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sparklestore"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32959-7f95823e36e58fa177d65b2d584aa924.yaml b/nuclei-templates/2023/CVE-2023-32959-7f95823e36e58fa177d65b2d584aa924.yaml
index 34bfa6fcb5..7074a76fc7 100644
--- a/nuclei-templates/2023/CVE-2023-32959-7f95823e36e58fa177d65b2d584aa924.yaml
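Review bot: The `classification` block in this new template disagrees with the rest of `info`: `cvss-metrics` carries `PR:N` and `cvss-score: 5.3`, while the description requires "authenticated attackers, with subscriber-level access and above" and `severity` and the tag are `low`. A 5.3 score sits in the medium band, so filtering by severity and filtering by score will treat the same finding differently. The same block is repeated in the other CVE-2023-32959 templates added in this diff (appzend, medical-heed, kingcabs, metrostore). Take the vector, score and severity from one source so they agree, or add a comment above `cvss-metrics` such as `# vector as published upstream; PR:N conflicts with the subscriber-level requirement in description`.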
+++ b/nuclei-templates/2023/CVE-2023-32959-7f95823e36e58fa177d65b2d584aa924.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2023-32959 metadata: - fofa-query: "wp-content/themes/kathmag/" - google-query: inurl:"/wp-content/themes/kathmag/" + fofa-query: "wp-content/themes/sparklestore/" + google-query: inurl:"/wp-content/themes/sparklestore/" shodan-query: 'vuln:CVE-2023-32959' - tags: cve,wordpress,wp-theme,kathmag,low + tags: cve,wordpress,wp-theme,sparklestore,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/kathmag/style.css" + - "{{BaseURL}}/wp-content/themes/sparklestore/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "kathmag" + - "sparklestore" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.6') \ No newline at end of file + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-32959-88d03a1aafd85d411c7ddeb0a9b00822.yaml b/nuclei-templates/2023/CVE-2023-32959-88d03a1aafd85d411c7ddeb0a9b00822.yaml new file mode 100644 index 0000000000..abda019b99 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-32959-88d03a1aafd85d411c7ddeb0a9b00822.yaml 
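Review bot: After this change the template probes `/wp-content/themes/sparklestore/style.css` with `compare_versions(version, '<= 1.6.5')`, but the newly added CVE-2023-32959-5bfaa9453b647ce052ebaf06bb05b73d template probes the same path for the same CVE with `<= 1.6.2`. Installs at or below 1.6.2 will be reported twice, and nothing in either file says which bound is authoritative for 1.6.3 to 1.6.5. Keep one template per theme slug and CVE, or state in `description` why two ranges exist for sparklestore.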
@@ -0,0 +1,59 @@
+id: CVE-2023-32959-88d03a1aafd85d411c7ddeb0a9b00822
+
+info:
+ name: >
+ Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-32959
+ metadata:
+ fofa-query: "wp-content/themes/appzend/"
+ google-query: inurl:"/wp-content/themes/appzend/"
+ shodan-query: 'vuln:CVE-2023-32959'
+ tags: cve,wordpress,wp-theme,appzend,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/appzend/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "appzend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32959-b6b66be8567a16589e1aee3a1e63ea81.yaml b/nuclei-templates/2023/CVE-2023-32959-b6b66be8567a16589e1aee3a1e63ea81.yaml
new file mode 100644
index 0000000000..5e3070a11d
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-32959-b6b66be8567a16589e1aee3a1e63ea81.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-32959-b6b66be8567a16589e1aee3a1e63ea81
+
+info:
+ name: >
+ Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-32959
+ metadata:
+ fofa-query: "wp-content/themes/medical-heed/"
+ google-query: inurl:"/wp-content/themes/medical-heed/"
+ shodan-query: 'vuln:CVE-2023-32959'
+ tags: cve,wordpress,wp-theme,medical-heed,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/medical-heed/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "medical-heed"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32959-bbdbedec692c4dfc56fe1b37202717d2.yaml b/nuclei-templates/2023/CVE-2023-32959-bbdbedec692c4dfc56fe1b37202717d2.yaml
new file mode 100644
index 0000000000..a05f621743
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-32959-bbdbedec692c4dfc56fe1b37202717d2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-32959-bbdbedec692c4dfc56fe1b37202717d2
+
+info:
+ name: >
+ Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-32959
+ metadata:
+ fofa-query: "wp-content/themes/kingcabs/"
+ google-query: inurl:"/wp-content/themes/kingcabs/"
+ shodan-query: 'vuln:CVE-2023-32959'
+ tags: cve,wordpress,wp-theme,kingcabs,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/kingcabs/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kingcabs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-32959-be0523cb8157775894ddcb6700cd3b40.yaml b/nuclei-templates/2023/CVE-2023-32959-be0523cb8157775894ddcb6700cd3b40.yaml
index 62986d87a9..b474700afc 100644
--- a/nuclei-templates/2023/CVE-2023-32959-be0523cb8157775894ddcb6700cd3b40.yaml
+++ b/nuclei-templates/2023/CVE-2023-32959-be0523cb8157775894ddcb6700cd3b40.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2023-32959 metadata: - fofa-query: "wp-content/themes/kathmag/" - google-query: inurl:"/wp-content/themes/kathmag/" + fofa-query: "wp-content/themes/fitness-park/" + google-query: inurl:"/wp-content/themes/fitness-park/" shodan-query: 'vuln:CVE-2023-32959' - tags: cve,wordpress,wp-theme,kathmag,low + tags: cve,wordpress,wp-theme,fitness-park,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/kathmag/style.css" + - "{{BaseURL}}/wp-content/themes/fitness-park/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "kathmag" + - "fitness-park" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.6') \ No newline at end of file + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-32959-c2096e6d49c5f9d0c0f7d66abb8cb07d.yaml b/nuclei-templates/2023/CVE-2023-32959-c2096e6d49c5f9d0c0f7d66abb8cb07d.yaml new file mode 100644 index 0000000000..7b3d452700 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-32959-c2096e6d49c5f9d0c0f7d66abb8cb07d.yaml 
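Review bot: In the last hunk, `compare_versions(version, '<= *')` puts `*` where a version number is expected; that is unlikely to parse as a version constraint, so the `dsl` matcher would error or never evaluate to true. If this file combines matchers with `matchers-condition: and` like the sibling templates (that line is outside the hunk), the fitness-park template would then never report. If every release is meant to be in range, remove the `dsl` matcher and rely on the status and word matchers; otherwise use an explicit upper bound from the advisory.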
@@ -0,0 +1,59 @@
+id: CVE-2023-32959-c2096e6d49c5f9d0c0f7d66abb8cb07d
+
+info:
+ name: >
+ Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation
+ author: topscoder
+ severity: low
+ description: >
+ Several themes for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the activate_plugin() function called via an AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2023-32959
+ metadata:
+ fofa-query: "wp-content/themes/metrostore/"
+ google-query: inurl:"/wp-content/themes/metrostore/"
+ shodan-query: 'vuln:CVE-2023-32959'
+ tags: cve,wordpress,wp-theme,metrostore,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/metrostore/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "metrostore"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-00a8237d14b33d5048b8e6724e6de363.yaml b/nuclei-templates/2023/CVE-2023-33999-00a8237d14b33d5048b8e6724e6de363.yaml
new file mode 100644
index 0000000000..8c1cbd1891
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-00a8237d14b33d5048b8e6724e6de363.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-00a8237d14b33d5048b8e6724e6de363
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/lifestyle-magazine/"
+ google-query: inurl:"/wp-content/themes/lifestyle-magazine/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,lifestyle-magazine,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/lifestyle-magazine/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lifestyle-magazine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '10.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-014b6ad4ab540d038ba44ae3eac303b6.yaml b/nuclei-templates/2023/CVE-2023-33999-014b6ad4ab540d038ba44ae3eac303b6.yaml
new file mode 100644
index 0000000000..c37822b57c
--- /dev/null
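Review bot: `compare_versions(version, '10.2.0')` on the last added line has no comparison operator, unlike the `<=` and `>=` bounds in every sibling template in this diff. A bare version is normally read as an equality constraint, so only a style.css that reports exactly 10.2.0 would satisfy the matcher and every older lifestyle-magazine install would be missed. The intended line is presumably `- compare_versions(version, '<= 10.2.0')`; confirm the bound against the advisory's affected range for this theme before changing it.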
+++ b/nuclei-templates/2023/CVE-2023-33999-014b6ad4ab540d038ba44ae3eac303b6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-014b6ad4ab540d038ba44ae3eac303b6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/forms-gutenberg/"
+ google-query: inurl:"/wp-content/plugins/forms-gutenberg/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,forms-gutenberg,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forms-gutenberg/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forms-gutenberg"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.0')
\ No newline at end of file
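Review bot: The `description` does not say that this template is a version check only: it reads `Stable tag` from the plugin's readme.txt and compares it with the plugin's own affected range, without looking at the bundled Freemius SDK named in `name`. A readme whose stable tag is `trunk` does not match `([0-9.]+)`, and a readme that is blocked or stale gives no result or a wrong one, so a hit means "readme reports a version in range" and a miss does not clear the host. The same applies to the other readme.txt-based CVE-2023-33999 templates added in this diff. Add a sentence to `description` such as "Detection is based on the Stable tag in readme.txt and does not confirm that the vulnerable SDK code is present."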
diff --git a/nuclei-templates/2023/CVE-2023-33999-025d4f93205914c7c4decf4d1fe871d9.yaml b/nuclei-templates/2023/CVE-2023-33999-025d4f93205914c7c4decf4d1fe871d9.yaml
new file mode 100644
index 0000000000..4c56ec0c9f
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-025d4f93205914c7c4decf4d1fe871d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-025d4f93205914c7c4decf4d1fe871d9
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-eu-vat-assistant/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-eu-vat-assistant/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woocommerce-eu-vat-assistant,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-eu-vat-assistant/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-eu-vat-assistant"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0.19.210629', '<= 2.0.42.230503')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-05b06ae39b4025da0deb46ee74f40d6b.yaml b/nuclei-templates/2023/CVE-2023-33999-05b06ae39b4025da0deb46ee74f40d6b.yaml
new file mode 100644
index 0000000000..fed480f8e7
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-05b06ae39b4025da0deb46ee74f40d6b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-05b06ae39b4025da0deb46ee74f40d6b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/geo-mashup/"
+ google-query: inurl:"/wp-content/plugins/geo-mashup/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,geo-mashup,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/geo-mashup/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "geo-mashup"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.9.1', '<= 1.13.11')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-06518909b9bcdbb0d363768304272171.yaml b/nuclei-templates/2023/CVE-2023-33999-06518909b9bcdbb0d363768304272171.yaml
index bfdbae9704..8be117f53d 100644
--- a/nuclei-templates/2023/CVE-2023-33999-06518909b9bcdbb0d363768304272171.yaml +++ b/nuclei-templates/2023/CVE-2023-33999-06518909b9bcdbb0d363768304272171.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-33999 metadata: - fofa-query: "wp-content/plugins/events-addon-for-elementor/" - google-query: inurl:"/wp-content/plugins/events-addon-for-elementor/" + fofa-query: "wp-content/plugins/stop-wp-emails-going-to-spam/" + google-query: inurl:"/wp-content/plugins/stop-wp-emails-going-to-spam/" shodan-query: 'vuln:CVE-2023-33999' - tags: cve,wordpress,wp-plugin,events-addon-for-elementor,medium + tags: cve,wordpress,wp-plugin,stop-wp-emails-going-to-spam,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/events-addon-for-elementor/readme.txt" + - "{{BaseURL}}/wp-content/plugins/stop-wp-emails-going-to-spam/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "events-addon-for-elementor" + - "stop-wp-emails-going-to-spam" part: body - type: dsl dsl: - - compare_versions(version, '>= 1.8.4', '<= 2.0.2') \ No newline at end of file + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-06f47f192e812b4140681e822e0b25b0.yaml b/nuclei-templates/2023/CVE-2023-33999-06f47f192e812b4140681e822e0b25b0.yaml new file mode 100644 index 0000000000..352f6e25a5 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-06f47f192e812b4140681e822e0b25b0.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-06f47f192e812b4140681e822e0b25b0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-social-media-plus/"
+ google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-social-media-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-090406fb008a0f338dd613443e0ebb5f.yaml b/nuclei-templates/2023/CVE-2023-33999-090406fb008a0f338dd613443e0ebb5f.yaml
new file mode 100644
index 0000000000..2bdf02406e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-090406fb008a0f338dd613443e0ebb5f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-090406fb008a0f338dd613443e0ebb5f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-carousel-for-divi/"
+ google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-divi/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ultimate-carousel-for-divi,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-carousel-for-divi/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-carousel-for-divi"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 4.0.0', '<= 4.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-09706a5d6ce2cbb6e9d5d705244bf705.yaml b/nuclei-templates/2023/CVE-2023-33999-09706a5d6ce2cbb6e9d5d705244bf705.yaml
new file mode 100644
index 0000000000..71c56fd043
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-09706a5d6ce2cbb6e9d5d705244bf705.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-09706a5d6ce2cbb6e9d5d705244bf705
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wc-gsheetconnector/"
+ google-query: inurl:"/wp-content/plugins/wc-gsheetconnector/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wc-gsheetconnector,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-gsheetconnector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-gsheetconnector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-097c9e9c411a5f2b12ba3dc6904d9efb.yaml b/nuclei-templates/2023/CVE-2023-33999-097c9e9c411a5f2b12ba3dc6904d9efb.yaml
new file mode 100644
index 0000000000..0f7d31c14f
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-097c9e9c411a5f2b12ba3dc6904d9efb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-097c9e9c411a5f2b12ba3dc6904d9efb
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/disable-dashboard-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/disable-dashboard-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,disable-dashboard-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/disable-dashboard-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "disable-dashboard-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0.0', '<= 3.2.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-09ec3fc238ae6dd0085346abee30940f.yaml b/nuclei-templates/2023/CVE-2023-33999-09ec3fc238ae6dd0085346abee30940f.yaml
new file mode 100644
index 0000000000..2d8522a5f6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-09ec3fc238ae6dd0085346abee30940f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-09ec3fc238ae6dd0085346abee30940f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/startup-blog/"
+ google-query: inurl:"/wp-content/themes/startup-blog/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,startup-blog,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/startup-blog/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "startup-blog"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-0a36aa780ff7c69b2599c6fbc1c47d5b.yaml b/nuclei-templates/2023/CVE-2023-33999-0a36aa780ff7c69b2599c6fbc1c47d5b.yaml
new file mode 100644
index 0000000000..5035877f25
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-0a36aa780ff7c69b2599c6fbc1c47d5b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-0a36aa780ff7c69b2599c6fbc1c47d5b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/embed-office-viewer/" + google-query: inurl:"/wp-content/plugins/embed-office-viewer/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,embed-office-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-office-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-office-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file 
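Review bot: The `name` field reads only `Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get`, and it is identical in every template of this CVE-2023-33999 series, so scan output cannot show which component matched without decoding the `id` hash or the tags. The dsl matcher in this file compares the plugin's own `Stable tag` against `<= 2.2.6`, not the SDK version, and the name hides that as well. I would put the slug and its range into the name, e.g. `embed-office-viewer <= 2.2.6 - Reflected Cross-Site Scripting via Freemius SDK fs_request_get`.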
diff --git a/nuclei-templates/2023/CVE-2023-33999-0acdfba0f64132463024c44f1d05615a.yaml b/nuclei-templates/2023/CVE-2023-33999-0acdfba0f64132463024c44f1d05615a.yaml new file mode 100644 index 0000000000..db2d724a10 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0acdfba0f64132463024c44f1d05615a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0acdfba0f64132463024c44f1d05615a + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/advanced-visual-elements/" + google-query: inurl:"/wp-content/plugins/advanced-visual-elements/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,advanced-visual-elements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-visual-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-visual-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file 
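Review bot: Nothing in the template tells the reader that a match is a version inference: the only request is a GET for `readme.txt`, and the verdict comes from `compare_versions(version, '<= 1.0.6')` applied to the `Stable tag` line. Because `([0-9.]+)` captures only dotted digits, a readme whose stable tag is `trunk` gives no match, and one that was not updated along with the code can give a wrong one. A comment above `http:` would set expectations for triage, for example `# Version-based detection from readme.txt "Stable tag"; does not exercise fs_request_get, confirm the installed version before reporting.` The other plugin templates in this commit use the same extractor.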
diff --git a/nuclei-templates/2023/CVE-2023-33999-0ba4832dcb1ba85bfb554151b3d013cc.yaml b/nuclei-templates/2023/CVE-2023-33999-0ba4832dcb1ba85bfb554151b3d013cc.yaml new file mode 100644 index 0000000000..4d22d9309d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0ba4832dcb1ba85bfb554151b3d013cc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0ba4832dcb1ba85bfb554151b3d013cc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/super-video-player/" + google-query: inurl:"/wp-content/plugins/super-video-player/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,super-video-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.12') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-0bf31cd6ce3c2fa65dd7fa7838f29767.yaml b/nuclei-templates/2023/CVE-2023-33999-0bf31cd6ce3c2fa65dd7fa7838f29767.yaml new file mode 100644 index 0000000000..5d34f37a21 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-0bf31cd6ce3c2fa65dd7fa7838f29767.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-0bf31cd6ce3c2fa65dd7fa7838f29767 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,cooked,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cooked" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file 
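Review bot: The word matcher `- "cooked"` adds almost no confidence here, since it is an ordinary English word and also part of the requested path, which error pages answering 200 often echo back. In practice the dsl matcher probably still fails when no `Stable tag` is extracted, so the word check is closer to decoration than to a plugin fingerprint. Requiring a readme marker next to the slug would make the intent explicit: add `- "Stable tag:"` under `words:` and set `condition: and` on that matcher. The longer slugs in the other templates are less ambiguous, but they are equally present in the request path.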
diff --git a/nuclei-templates/2023/CVE-2023-33999-0c1272597fb79c33f1c87015a77bd40a.yaml b/nuclei-templates/2023/CVE-2023-33999-0c1272597fb79c33f1c87015a77bd40a.yaml new file mode 100644 index 0000000000..e41a11418e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0c1272597fb79c33f1c87015a77bd40a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0c1272597fb79c33f1c87015a77bd40a + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/" + google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-with-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-with-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-0ce1885fe4bbf085763b8c08a1b619b0.yaml b/nuclei-templates/2023/CVE-2023-33999-0ce1885fe4bbf085763b8c08a1b619b0.yaml new file mode 100644 index 0000000000..f2d36f9f0e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0ce1885fe4bbf085763b8c08a1b619b0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0ce1885fe4bbf085763b8c08a1b619b0 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 4.4.2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-0d27ebb780faa66b3348e4e082148176.yaml b/nuclei-templates/2023/CVE-2023-33999-0d27ebb780faa66b3348e4e082148176.yaml new file mode 100644 index 0000000000..367e013253 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0d27ebb780faa66b3348e4e082148176.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0d27ebb780faa66b3348e4e082148176 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/nova-poshta-ttn/" + google-query: inurl:"/wp-content/plugins/nova-poshta-ttn/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,nova-poshta-ttn,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nova-poshta-ttn/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nova-poshta-ttn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.46') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-0d2d67dea7a49bfb55a975caf6ebdd08.yaml b/nuclei-templates/2023/CVE-2023-33999-0d2d67dea7a49bfb55a975caf6ebdd08.yaml new file mode 100644 index 0000000000..934b263815 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-0d2d67dea7a49bfb55a975caf6ebdd08.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-0d2d67dea7a49bfb55a975caf6ebdd08 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/the-authority/" + google-query: inurl:"/wp-content/themes/the-authority/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,the-authority,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-authority/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-authority" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file 
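Review bot: The extractor regex `(?mi)Version: ([0-9.]+)` sets the multiline flag but has no anchor, so it can capture from any `Version: ` text in `style.css`, not only from the theme header field. Anchoring to the start of the line keeps the value that reaches `compare_versions(version, '<= 1.0.1')` tied to the header: `- '(?mi)^[ \t*]*Version:\s*([0-9.]+)'`, in single quotes so that YAML leaves the backslashes alone. Both copies of the extractor need the same change, and the `startup-blog` theme template earlier in this commit uses the same pattern.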
diff --git a/nuclei-templates/2023/CVE-2023-33999-0dcaa434d785949b284481f36fbc8240.yaml b/nuclei-templates/2023/CVE-2023-33999-0dcaa434d785949b284481f36fbc8240.yaml new file mode 100644 index 0000000000..4f8ec051c6 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-0dcaa434d785949b284481f36fbc8240.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-0dcaa434d785949b284481f36fbc8240 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/bp-toolkit/" + google-query: inurl:"/wp-content/plugins/bp-toolkit/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,bp-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-10690fe4f38f40c1b114ac8bc30991aa.yaml b/nuclei-templates/2023/CVE-2023-33999-10690fe4f38f40c1b114ac8bc30991aa.yaml new file mode 100644 index 0000000000..1d69b18b6b --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-10690fe4f38f40c1b114ac8bc30991aa.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-10690fe4f38f40c1b114ac8bc30991aa + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "map-location-picker-at-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.2.2', '<= 1.8.4') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-11944ae0419132e3a5a1e306f96c5789.yaml b/nuclei-templates/2023/CVE-2023-33999-11944ae0419132e3a5a1e306f96c5789.yaml new file mode 100644 index 0000000000..ccda34d0a7 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-11944ae0419132e3a5a1e306f96c5789.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-11944ae0419132e3a5a1e306f96c5789 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/advanced-form-integration/" + google-query: inurl:"/wp-content/plugins/advanced-form-integration/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,advanced-form-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-form-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-form-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.69.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-11e7676c1bfe0f3b62af4378b5de726e.yaml b/nuclei-templates/2023/CVE-2023-33999-11e7676c1bfe0f3b62af4378b5de726e.yaml new file mode 100644 index 0000000000..fea9de2016 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-11e7676c1bfe0f3b62af4378b5de726e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-11e7676c1bfe0f3b62af4378b5de726e + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/cleanup-action-scheduler/" + google-query: inurl:"/wp-content/plugins/cleanup-action-scheduler/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,cleanup-action-scheduler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleanup-action-scheduler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleanup-action-scheduler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-124d5b1842d65009207a145d8fe1e9bd.yaml b/nuclei-templates/2023/CVE-2023-33999-124d5b1842d65009207a145d8fe1e9bd.yaml new file mode 100644 index 0000000000..070739a00d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-124d5b1842d65009207a145d8fe1e9bd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-124d5b1842d65009207a145d8fe1e9bd + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.3.7', '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-1302e47d80d75ddd34bbdff350d3ee1d.yaml b/nuclei-templates/2023/CVE-2023-33999-1302e47d80d75ddd34bbdff350d3ee1d.yaml new file mode 100644 index 0000000000..4d96a71c00 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-1302e47d80d75ddd34bbdff350d3ee1d.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-1302e47d80d75ddd34bbdff350d3ee1d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/eazydocs/" + google-query: inurl:"/wp-content/plugins/eazydocs/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,eazydocs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eazydocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eazydocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-144b5579f3a7562e3b911fd51555fc72.yaml b/nuclei-templates/2023/CVE-2023-33999-144b5579f3a7562e3b911fd51555fc72.yaml new file mode 100644 index 0000000000..f988f2705a --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-144b5579f3a7562e3b911fd51555fc72.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-144b5579f3a7562e3b911fd51555fc72
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
+ google-query: inurl:"/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "enjoy-instagram-instagram-responsive-images-gallery-and-carousel"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.2.0')
\ No newline at end of file
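Review bot: The `word` matcher requires the directory slug `enjoy-instagram-instagram-responsive-images-gallery-and-carousel` to appear verbatim in the readme body, and word matching is case-sensitive unless told otherwise. A readme.txt is not obliged to contain its own slug in lower case (the header normally carries the display name), so an affected install can go unreported under `matchers-condition: and`. Adding `case-insensitive: true` to that matcher, or matching on the readme header text instead of the slug, would reduce missed detections. The other hunks in this diff build the matcher the same way, with short slugs such as `wc4bp` and `wpoptin` relying on it just as much.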
diff --git a/nuclei-templates/2023/CVE-2023-33999-1455b8848d6a857ea84ee0dbb63353b8.yaml b/nuclei-templates/2023/CVE-2023-33999-1455b8848d6a857ea84ee0dbb63353b8.yaml
new file mode 100644
index 0000000000..bdc4361313
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1455b8848d6a857ea84ee0dbb63353b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1455b8848d6a857ea84ee0dbb63353b8
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/zip-codes-redirect/"
+ google-query: inurl:"/wp-content/plugins/zip-codes-redirect/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,zip-codes-redirect,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/zip-codes-redirect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zip-codes-redirect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.1', '<= 5.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-15b57efb1bb93d58367f3aef40e3d9cd.yaml b/nuclei-templates/2023/CVE-2023-33999-15b57efb1bb93d58367f3aef40e3d9cd.yaml
new file mode 100644
index 0000000000..789a19ec2c
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-15b57efb1bb93d58367f3aef40e3d9cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-15b57efb1bb93d58367f3aef40e3d9cd
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-table-builder/"
+ google-query: inurl:"/wp-content/plugins/wp-table-builder/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-table-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-table-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-table-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.2.4', '<= 1.4.9')
\ No newline at end of file
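Review bot: The `dsl` matcher decides on the plugin's own `Stable tag` from readme.txt, while `name` and `description` describe a flaw in the bundled Freemius SDK (<= 2.5.9), and nothing in the template ties `'>= 1.2.4', '<= 1.4.9'` to that SDK version. A hit is therefore an inference from author-maintained readme text, not confirmation that the vulnerable SDK code is on the host. A readme whose Stable tag is not numeric (for instance `trunk`) would presumably produce no result, because `([0-9.]+)` cannot capture it. I would say so in the template with a comment above the matcher, e.g. `# inference only: plugin Stable tag is a proxy for bundled Freemius SDK <= 2.5.9; confirm the SDK version on the host`. This applies equally to the other CVE-2023-33999 hunks in this diff.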
diff --git a/nuclei-templates/2023/CVE-2023-33999-16f5dfc9718e087e6a83abc6212856a6.yaml b/nuclei-templates/2023/CVE-2023-33999-16f5dfc9718e087e6a83abc6212856a6.yaml
new file mode 100644
index 0000000000..3dce07fd90
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-16f5dfc9718e087e6a83abc6212856a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-16f5dfc9718e087e6a83abc6212856a6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/goal-tracker-ga/"
+ google-query: inurl:"/wp-content/plugins/goal-tracker-ga/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,goal-tracker-ga,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/goal-tracker-ga/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "goal-tracker-ga"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.1', '<= 1.0.10')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-1771846559277c7971f1ab31925847a5.yaml b/nuclei-templates/2023/CVE-2023-33999-1771846559277c7971f1ab31925847a5.yaml
new file mode 100644
index 0000000000..261eb367b6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1771846559277c7971f1ab31925847a5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1771846559277c7971f1ab31925847a5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/domain-mapping-system/"
+ google-query: inurl:"/wp-content/plugins/domain-mapping-system/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,domain-mapping-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/domain-mapping-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "domain-mapping-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.2')
\ No newline at end of file
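Review bot: The two `regex` extractors under `extractors` are identical apart from `internal: true`, and both are named `version`, so a reader cannot tell which one feeds `compare_versions(version, …)` and which one exists only to print the value in results. Distinct names would remove the ambiguity, for example `name: internal_version` on the internal extractor (with the dsl expression using that name) and `name: detected_version` on the reported one. The same pair is repeated in every template hunk of this diff.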
diff --git a/nuclei-templates/2023/CVE-2023-33999-1785a47361aff448a1e3e055e47594e8.yaml b/nuclei-templates/2023/CVE-2023-33999-1785a47361aff448a1e3e055e47594e8.yaml
new file mode 100644
index 0000000000..4441484545
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1785a47361aff448a1e3e055e47594e8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1785a47361aff448a1e3e055e47594e8
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/wp-forge/"
+ google-query: inurl:"/wp-content/themes/wp-forge/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,wp-forge,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/wp-forge/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-forge"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.5.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-179cdb264c91856d1ac12af41e362403.yaml b/nuclei-templates/2023/CVE-2023-33999-179cdb264c91856d1ac12af41e362403.yaml
new file mode 100644
index 0000000000..3e65946b2a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-179cdb264c91856d1ac12af41e362403.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-179cdb264c91856d1ac12af41e362403
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/min-and-max-quantity-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/min-and-max-quantity-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,min-and-max-quantity-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/min-and-max-quantity-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "min-and-max-quantity-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '1.1.0')
\ No newline at end of file
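Review bot: `compare_versions(version, '1.1.0')` on the last line of this hunk passes a constraint with no operator, whereas every other template in this diff uses `'<= …'` or a `'>= …', '<= …'` pair. As far as I can tell a bare version is treated as an exact match, so only installs whose readme reports Stable tag 1.1.0 would be flagged and any other affected release would be missed. If a single version really is the affected set, `compare_versions(version, '= 1.1.0')` states that explicitly; if a range was intended, the bounds are missing and should be checked against the Wordfence entry listed under `reference`.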
diff --git a/nuclei-templates/2023/CVE-2023-33999-18ab7cbc518d90128d5f6367b2fb8a00.yaml b/nuclei-templates/2023/CVE-2023-33999-18ab7cbc518d90128d5f6367b2fb8a00.yaml
new file mode 100644
index 0000000000..23b323d073
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-18ab7cbc518d90128d5f6367b2fb8a00.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-18ab7cbc518d90128d5f6367b2fb8a00
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/publishpress/"
+ google-query: inurl:"/wp-content/plugins/publishpress/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,publishpress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/publishpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "publishpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.3.0', '<= 1.9.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-18f6a75f6afe50dadd4e09253cdf3638.yaml b/nuclei-templates/2023/CVE-2023-33999-18f6a75f6afe50dadd4e09253cdf3638.yaml
new file mode 100644
index 0000000000..1c01599c08
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-18f6a75f6afe50dadd4e09253cdf3638.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-18f6a75f6afe50dadd4e09253cdf3638
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wpoptin/"
+ google-query: inurl:"/wp-content/plugins/wpoptin/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wpoptin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpoptin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpoptin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-1d05f6db625b36bfd2a9859851a52dad.yaml b/nuclei-templates/2023/CVE-2023-33999-1d05f6db625b36bfd2a9859851a52dad.yaml
new file mode 100644
index 0000000000..0288435ca9
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1d05f6db625b36bfd2a9859851a52dad.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1d05f6db625b36bfd2a9859851a52dad
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/add-search-to-menu/"
+ google-query: inurl:"/wp-content/plugins/add-search-to-menu/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,add-search-to-menu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "add-search-to-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 4.0', '<= 5.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-1da9bfa0f34d1fcb813ac4fde3e365c9.yaml b/nuclei-templates/2023/CVE-2023-33999-1da9bfa0f34d1fcb813ac4fde3e365c9.yaml
new file mode 100644
index 0000000000..a24d6c31bc
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1da9bfa0f34d1fcb813ac4fde3e365c9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1da9bfa0f34d1fcb813ac4fde3e365c9
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/code-manager/"
+ google-query: inurl:"/wp-content/plugins/code-manager/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,code-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/code-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "code-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.0.25')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-1facd6a5d097835c65ed6a2efcbb3f47.yaml b/nuclei-templates/2023/CVE-2023-33999-1facd6a5d097835c65ed6a2efcbb3f47.yaml
new file mode 100644
index 0000000000..061c84d7b6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-1facd6a5d097835c65ed6a2efcbb3f47.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-1facd6a5d097835c65ed6a2efcbb3f47
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/fire-blog/"
+ google-query: inurl:"/wp-content/themes/fire-blog/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,fire-blog,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/fire-blog/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fire-blog"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-20619a5c820d0dbefb553141dcdfb9a5.yaml b/nuclei-templates/2023/CVE-2023-33999-20619a5c820d0dbefb553141dcdfb9a5.yaml
new file mode 100644
index 0000000000..90b85259bc
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-20619a5c820d0dbefb553141dcdfb9a5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-20619a5c820d0dbefb553141dcdfb9a5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wc4bp/"
+ google-query: inurl:"/wp-content/plugins/wc4bp/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wc4bp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc4bp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc4bp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0', '<= 3.4.15')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-212485398b9db530a2afa9b8f0fa1f1f.yaml b/nuclei-templates/2023/CVE-2023-33999-212485398b9db530a2afa9b8f0fa1f1f.yaml
new file mode 100644
index 0000000000..5a77b76aea
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-212485398b9db530a2afa9b8f0fa1f1f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-212485398b9db530a2afa9b8f0fa1f1f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/simply-gallery-block/"
+ google-query: inurl:"/wp-content/plugins/simply-gallery-block/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,simply-gallery-block,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simply-gallery-block/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simply-gallery-block"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.8.4', '<= 3.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-222f1fb7a9e8e9d51b484cb43f46dae1.yaml b/nuclei-templates/2023/CVE-2023-33999-222f1fb7a9e8e9d51b484cb43f46dae1.yaml
new file mode 100644
index 0000000000..33a7e52e27
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-222f1fb7a9e8e9d51b484cb43f46dae1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-222f1fb7a9e8e9d51b484cb43f46dae1
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/five-star-ratings-shortcode/"
+ google-query: inurl:"/wp-content/plugins/five-star-ratings-shortcode/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,five-star-ratings-shortcode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/five-star-ratings-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "five-star-ratings-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.2.47')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-22439ed76086f795fde8dc3a7f8acfc7.yaml b/nuclei-templates/2023/CVE-2023-33999-22439ed76086f795fde8dc3a7f8acfc7.yaml
new file mode 100644
index 0000000000..3b5f6b8d15
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-22439ed76086f795fde8dc3a7f8acfc7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-22439ed76086f795fde8dc3a7f8acfc7
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ga-for-wp/"
+ google-query: inurl:"/wp-content/plugins/ga-for-wp/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ga-for-wp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ga-for-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ga-for-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1', '<= 2.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-226a72abcf44eabce0eac44c3b59a3c9.yaml b/nuclei-templates/2023/CVE-2023-33999-226a72abcf44eabce0eac44c3b59a3c9.yaml
new file mode 100644
index 0000000000..a1865c541a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-226a72abcf44eabce0eac44c3b59a3c9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-226a72abcf44eabce0eac44c3b59a3c9
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-tools-gravity-forms-divi-module/"
+ google-query: inurl:"/wp-content/plugins/wp-tools-gravity-forms-divi-module/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-tools-gravity-forms-divi-module,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-tools-gravity-forms-divi-module/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-tools-gravity-forms-divi-module"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 5.0.0', '<= 7.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-22bb48ee9e8b3a68346bb958e43e521b.yaml b/nuclei-templates/2023/CVE-2023-33999-22bb48ee9e8b3a68346bb958e43e521b.yaml
new file mode 100644
index 0000000000..3cdedb37fc
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-22bb48ee9e8b3a68346bb958e43e521b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-22bb48ee9e8b3a68346bb958e43e521b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/login-customizer/"
+ google-query: inurl:"/wp-content/plugins/login-customizer/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,login-customizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/login-customizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "login-customizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.1.5', '<= 2.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-230f7d07ad2a744dd7575811e6cc4f4f.yaml b/nuclei-templates/2023/CVE-2023-33999-230f7d07ad2a744dd7575811e6cc4f4f.yaml
new file mode 100644
index 0000000000..86534f1da7
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-230f7d07ad2a744dd7575811e6cc4f4f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-230f7d07ad2a744dd7575811e6cc4f4f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "purple-xmls-google-product-feed-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-23420042f0e38e778be6c8ae98eb2aec.yaml b/nuclei-templates/2023/CVE-2023-33999-23420042f0e38e778be6c8ae98eb2aec.yaml
new file mode 100644
index 0000000000..f398c82816
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-23420042f0e38e778be6c8ae98eb2aec.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-23420042f0e38e778be6c8ae98eb2aec
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/blog-designer-pack/"
+ google-query: inurl:"/wp-content/plugins/blog-designer-pack/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,blog-designer-pack,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blog-designer-pack/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blog-designer-pack"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-24034938e3577414350580393f0f32ca.yaml b/nuclei-templates/2023/CVE-2023-33999-24034938e3577414350580393f0f32ca.yaml
new file mode 100644
index 0000000000..fba116f162
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-24034938e3577414350580393f0f32ca.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-24034938e3577414350580393f0f32ca
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/role-and-customer-based-pricing-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/role-and-customer-based-pricing-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,role-and-customer-based-pricing-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/role-and-customer-based-pricing-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "role-and-customer-based-pricing-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-240c55548c60af533e514309a7b9393f.yaml b/nuclei-templates/2023/CVE-2023-33999-240c55548c60af533e514309a7b9393f.yaml
new file mode 100644
index 0000000000..2f9081add2
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-240c55548c60af533e514309a7b9393f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-240c55548c60af533e514309a7b9393f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-custom-scrollbar/"
+ google-query: inurl:"/wp-content/plugins/ultimate-custom-scrollbar/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ultimate-custom-scrollbar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-custom-scrollbar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-custom-scrollbar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-241dc22e43a1b2b0fd8f7ae77d84e797.yaml b/nuclei-templates/2023/CVE-2023-33999-241dc22e43a1b2b0fd8f7ae77d84e797.yaml
new file mode 100644
index 0000000000..5881e1fdd5
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-241dc22e43a1b2b0fd8f7ae77d84e797.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-241dc22e43a1b2b0fd8f7ae77d84e797
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/lpagery/"
+ google-query: inurl:"/wp-content/plugins/lpagery/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,lpagery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lpagery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lpagery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0', '<= 1.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-24d6a803697ba30eeb71e56c05f11666.yaml b/nuclei-templates/2023/CVE-2023-33999-24d6a803697ba30eeb71e56c05f11666.yaml
new file mode 100644
index 0000000000..975f980b70
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-24d6a803697ba30eeb71e56c05f11666.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-24d6a803697ba30eeb71e56c05f11666
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/tablepress/"
+ google-query: inurl:"/wp-content/plugins/tablepress/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,tablepress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tablepress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0', '<= 2.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-279961b76481af966ed1a079d328bfe1.yaml b/nuclei-templates/2023/CVE-2023-33999-279961b76481af966ed1a079d328bfe1.yaml
new file mode 100644
index 0000000000..c0bfb0a3e6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-279961b76481af966ed1a079d328bfe1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-279961b76481af966ed1a079d328bfe1
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/radio-station/"
+ google-query: inurl:"/wp-content/plugins/radio-station/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,radio-station,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/radio-station/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "radio-station"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.3.0', '<= 2.4.0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-28fc59810b95f7499bcf1ac5173f87d7.yaml b/nuclei-templates/2023/CVE-2023-33999-28fc59810b95f7499bcf1ac5173f87d7.yaml
new file mode 100644
index 0000000000..e8c27c51d9
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-28fc59810b95f7499bcf1ac5173f87d7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-28fc59810b95f7499bcf1ac5173f87d7
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bulk-edit-categories-tags/"
+ google-query: inurl:"/wp-content/plugins/bulk-edit-categories-tags/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bulk-edit-categories-tags,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bulk-edit-categories-tags/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bulk-edit-categories-tags"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.7.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-29bf4dee92959d416e2ad95d3a653fa3.yaml b/nuclei-templates/2023/CVE-2023-33999-29bf4dee92959d416e2ad95d3a653fa3.yaml
new file mode 100644
index 0000000000..3ab23fb321
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-29bf4dee92959d416e2ad95d3a653fa3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-29bf4dee92959d416e2ad95d3a653fa3
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/blockons/"
+ google-query: inurl:"/wp-content/plugins/blockons/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,blockons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blockons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blockons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.2', '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-2a2d6758222c78e342b6c43577ee9853.yaml b/nuclei-templates/2023/CVE-2023-33999-2a2d6758222c78e342b6c43577ee9853.yaml
new file mode 100644
index 0000000000..6cb170419a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-2a2d6758222c78e342b6c43577ee9853.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-2a2d6758222c78e342b6c43577ee9853
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/sp-news-and-widget/"
+ google-query: inurl:"/wp-content/plugins/sp-news-and-widget/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,sp-news-and-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sp-news-and-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sp-news-and-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-2ab00912b2aec3b1f39e312940cc0705.yaml b/nuclei-templates/2023/CVE-2023-33999-2ab00912b2aec3b1f39e312940cc0705.yaml
new file mode 100644
index 0000000000..682420516b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-2ab00912b2aec3b1f39e312940cc0705.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-2ab00912b2aec3b1f39e312940cc0705
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/url-shortify/"
+ google-query: inurl:"/wp-content/plugins/url-shortify/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,url-shortify,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "url-shortify"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.1', '<= 1.7.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-2b0f64bd77704ba4263d836a107aca75.yaml b/nuclei-templates/2023/CVE-2023-33999-2b0f64bd77704ba4263d836a107aca75.yaml
new file mode 100644
index 0000000000..1de602ea90
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-2b0f64bd77704ba4263d836a107aca75.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-2b0f64bd77704ba4263d836a107aca75
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/projectopia-core/"
+ google-query: inurl:"/wp-content/plugins/projectopia-core/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,projectopia-core,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/projectopia-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "projectopia-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-2b2859729371da499d91cd7db71de307.yaml b/nuclei-templates/2023/CVE-2023-33999-2b2859729371da499d91cd7db71de307.yaml
new file mode 100644
index 0000000000..3d2cd5e1e6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-2b2859729371da499d91cd7db71de307.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-2b2859729371da499d91cd7db71de307 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/free-shipping-label/" + google-query: inurl:"/wp-content/plugins/free-shipping-label/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,free-shipping-label,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-shipping-label/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-shipping-label" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.5.0', '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-2dd1d157d8c05cdab4c027d92bb80277.yaml b/nuclei-templates/2023/CVE-2023-33999-2dd1d157d8c05cdab4c027d92bb80277.yaml new file mode 100644 index 0000000000..da8a581390 
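Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` requires exactly one space after the colon and a numeric value, so a readme that pads `Stable tag:` with a tab or several spaces, or sets it to `trunk`, yields no `version`. The `compare_versions` matcher then presumably cannot pass, and an affected install is reported as clean. Allowing horizontal whitespace, `- "(?mi)Stable tag:[ \t]*([0-9.]+)"`, removes the first case; the `trunk` case needs another version source and deserves at least a comment in the template. This applies to both extractors here and to the other readme.txt-based templates in this chunk.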
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-2dd1d157d8c05cdab4c027d92bb80277.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-2dd1d157d8c05cdab4c027d92bb80277 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wpcasa-mail-alert/" + google-query: inurl:"/wp-content/plugins/wpcasa-mail-alert/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wpcasa-mail-alert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcasa-mail-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcasa-mail-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file 
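Review bot: The `name` field is the same `Freemius SDK <= 2.5.9 - ...` string in every template of this chunk, while the `dsl` matcher compares the plugin's own version (`<= 3.2.2` here), so scan output does not say which plugin matched and the two version numbers read as contradictory. Putting the slug and its range into `name`, for example `wpcasa-mail-alert <= 3.2.2 - Freemius SDK Reflected Cross-Site Scripting via fs_request_get`, lets a finding be triaged without opening the file. A comment above the `dsl` matcher such as `# plugin release range presumed to bundle the affected SDK; inferred from readme.txt only, not confirmed` would also make clear that a match is version-based.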
diff --git a/nuclei-templates/2023/CVE-2023-33999-2ddfcc55ff08b64b1d9d18ab8a7d39be.yaml b/nuclei-templates/2023/CVE-2023-33999-2ddfcc55ff08b64b1d9d18ab8a7d39be.yaml new file mode 100644 index 0000000000..122ddb3c96 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-2ddfcc55ff08b64b1d9d18ab8a7d39be.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-2ddfcc55ff08b64b1d9d18ab8a7d39be + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + google-query: inurl:"/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-ecommerce-tracking-for-google-and-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-ecommerce-tracking-for-google-and-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0', '<= 3.7.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-31c68c1e80a3036e5b804ff617f8b80a.yaml b/nuclei-templates/2023/CVE-2023-33999-31c68c1e80a3036e5b804ff617f8b80a.yaml new file mode 100644 index 0000000000..2d68841ce6 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-31c68c1e80a3036e5b804ff617f8b80a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-31c68c1e80a3036e5b804ff617f8b80a + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/bulk-edit-events/" + google-query: inurl:"/wp-content/plugins/bulk-edit-events/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,bulk-edit-events,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.1.20') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-329bfe5de46e86263849a88a4bef93ac.yaml b/nuclei-templates/2023/CVE-2023-33999-329bfe5de46e86263849a88a4bef93ac.yaml new file mode 100644 index 0000000000..bdbc85c1f8 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-329bfe5de46e86263849a88a4bef93ac.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-329bfe5de46e86263849a88a4bef93ac + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/ultimate-sms-notifications/" + google-query: inurl:"/wp-content/plugins/ultimate-sms-notifications/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,ultimate-sms-notifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-sms-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-sms-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.2', '<= 1.9.9.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-3382b197aab04ae33deb11e8d963f7ad.yaml b/nuclei-templates/2023/CVE-2023-33999-3382b197aab04ae33deb11e8d963f7ad.yaml new file mode 100644 index 0000000000..2948938d00 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-3382b197aab04ae33deb11e8d963f7ad.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-3382b197aab04ae33deb11e8d963f7ad + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/artificial-intelligence-auto-content-generator/" + google-query: inurl:"/wp-content/plugins/artificial-intelligence-auto-content-generator/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,artificial-intelligence-auto-content-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/artificial-intelligence-auto-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "artificial-intelligence-auto-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-339929674b820de8b90e014ad98ce99d.yaml b/nuclei-templates/2023/CVE-2023-33999-339929674b820de8b90e014ad98ce99d.yaml new file mode 100644 index 0000000000..6d06089653 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-339929674b820de8b90e014ad98ce99d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-339929674b820de8b90e014ad98ce99d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stackable-ultimate-gutenberg-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stackable-ultimate-gutenberg-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1', '<= 3.9.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-348d8b60e833b8c5529ab87941a20af9.yaml b/nuclei-templates/2023/CVE-2023-33999-348d8b60e833b8c5529ab87941a20af9.yaml new file mode 100644 index 0000000000..e143185ec2 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-348d8b60e833b8c5529ab87941a20af9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-348d8b60e833b8c5529ab87941a20af9 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/ssl-zen/" + google-query: inurl:"/wp-content/plugins/ssl-zen/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,ssl-zen,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ssl-zen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ssl-zen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-34d1026ec0ffbe017223c0293f8ad633.yaml b/nuclei-templates/2023/CVE-2023-33999-34d1026ec0ffbe017223c0293f8ad633.yaml new file mode 100644 index 0000000000..528d140b9f --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-34d1026ec0ffbe017223c0293f8ad633.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-34d1026ec0ffbe017223c0293f8ad633 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/dancepress-trwa/" + google-query: inurl:"/wp-content/plugins/dancepress-trwa/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,dancepress-trwa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dancepress-trwa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dancepress-trwa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.181106', '<= 2.4.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-34e8ae8e7c7b35f1f5122527da12e359.yaml b/nuclei-templates/2023/CVE-2023-33999-34e8ae8e7c7b35f1f5122527da12e359.yaml new file mode 100644 index 0000000000..110df333ce --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-34e8ae8e7c7b35f1f5122527da12e359.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-34e8ae8e7c7b35f1f5122527da12e359 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/gs-behance-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-behance-portfolio/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,gs-behance-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-behance-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-behance-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-36333c6bebdfc9e2172db6d8a481c6a7.yaml b/nuclei-templates/2023/CVE-2023-33999-36333c6bebdfc9e2172db6d8a481c6a7.yaml new file mode 100644 index 0000000000..80cb85543d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-36333c6bebdfc9e2172db6d8a481c6a7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-36333c6bebdfc9e2172db6d8a481c6a7 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-product-reviews-shortcode/" + google-query: inurl:"/wp-content/plugins/woo-product-reviews-shortcode/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-product-reviews-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-reviews-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-reviews-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.20') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-376c95d8efaa05d44afe93d5fbabf141.yaml b/nuclei-templates/2023/CVE-2023-33999-376c95d8efaa05d44afe93d5fbabf141.yaml new file mode 100644 index 0000000000..1d951e8049 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-376c95d8efaa05d44afe93d5fbabf141.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-376c95d8efaa05d44afe93d5fbabf141 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/treepress/" + google-query: inurl:"/wp-content/plugins/treepress/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,treepress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/treepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "treepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 3.0.0.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-384bd952a93099dd05f5c3aefedfbbf2.yaml b/nuclei-templates/2023/CVE-2023-33999-384bd952a93099dd05f5c3aefedfbbf2.yaml new file mode 100644 index 0000000000..63f70cc5a4 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-384bd952a93099dd05f5c3aefedfbbf2.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-384bd952a93099dd05f5c3aefedfbbf2 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/wellness/" + google-query: inurl:"/wp-content/themes/wellness/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,wellness,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wellness/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wellness" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file 
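Review bot: The word matcher `wellness` is a common English word matched case-sensitively anywhere in style.css, so it adds little beyond the request path as a fingerprint, and if the stylesheet only spells the name capitalised it blocks the match altogether. At minimum add `case-insensitive: true` under that matcher, and consider matching the `Theme Name:` or `Text Domain:` header line rather than the bare slug. This is the only theme template in this chunk; the plugin templates use longer slugs and are less exposed to the same problem.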
diff --git a/nuclei-templates/2023/CVE-2023-33999-38b56f5acc0a8a430488fd50cd49087b.yaml b/nuclei-templates/2023/CVE-2023-33999-38b56f5acc0a8a430488fd50cd49087b.yaml new file mode 100644 index 0000000000..2503b9006a --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-38b56f5acc0a8a430488fd50cd49087b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-38b56f5acc0a8a430488fd50cd49087b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.12.5', '<= 5.13.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-3999e0092090a188e8f22ee92aa2fe31.yaml b/nuclei-templates/2023/CVE-2023-33999-3999e0092090a188e8f22ee92aa2fe31.yaml new file mode 100644 index 0000000000..643bfe2aaa 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-3999e0092090a188e8f22ee92aa2fe31.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-3999e0092090a188e8f22ee92aa2fe31 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/3d-viewer/" + google-query: inurl:"/wp-content/plugins/3d-viewer/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,3d-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-39cda8faaf91771c21afe76a1f8fdb35.yaml b/nuclei-templates/2023/CVE-2023-33999-39cda8faaf91771c21afe76a1f8fdb35.yaml new file mode 100644 index 0000000000..5499ceea41 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-39cda8faaf91771c21afe76a1f8fdb35.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-39cda8faaf91771c21afe76a1f8fdb35
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/hm-cool-author-box-widget/"
+ google-query: inurl:"/wp-content/plugins/hm-cool-author-box-widget/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,hm-cool-author-box-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hm-cool-author-box-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "hm-cool-author-box-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.4')
\ No newline at end of file
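Review bot: `redirects: true` with `max-redirects: 3` allows the request to follow a redirect to another host, and the status, word and dsl matchers are then evaluated on that host's response, so a finding may be attributed to a target that does not itself serve the plugin. Replacing that line with `host-redirects: true` keeps the check on the scanned host. The same two lines appear in the other templates added in this diff.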
diff --git a/nuclei-templates/2023/CVE-2023-33999-39ceaa61692f4f54893a90ad18a1bee6.yaml b/nuclei-templates/2023/CVE-2023-33999-39ceaa61692f4f54893a90ad18a1bee6.yaml
new file mode 100644
index 0000000000..d6424f6410
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-39ceaa61692f4f54893a90ad18a1bee6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-39ceaa61692f4f54893a90ad18a1bee6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/share-this-image/"
+ google-query: inurl:"/wp-content/plugins/share-this-image/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,share-this-image,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/share-this-image/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "share-this-image"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.47', '<= 1.80')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-39e03e050f6906947bb54262dad42bb5.yaml b/nuclei-templates/2023/CVE-2023-33999-39e03e050f6906947bb54262dad42bb5.yaml
new file mode 100644
index 0000000000..d79282aa04
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-39e03e050f6906947bb54262dad42bb5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-39e03e050f6906947bb54262dad42bb5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce-woocommerce-brands/"
+ google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-brands/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,premmerce-woocommerce-brands,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-brands/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce-woocommerce-brands"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1', '<= 1.2.12')
\ No newline at end of file
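Review bot: The extractor pattern `(?mi)Stable tag: ([0-9.]+)` sets the multi-line flag but has no `^`, and as shown it needs exactly one space after the colon, so it can pick the phrase up from changelog or description text and it misses readmes that pad the value with extra spaces or a tab. A tighter form is `- '(?mi)^Stable tag:[ \t]*([0-9.]+)'`. The pattern is also listed twice under the same `name: version`, once with `internal: true` and once without; the second copy presumably exists only to print the value, and a one-line comment saying so would stop someone deleting it as a duplicate. The theme template further down has the same shape with `Version:` against style.css, and the other templates in this diff repeat the readme form.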
diff --git a/nuclei-templates/2023/CVE-2023-33999-3abb05cceb0c37182b5ddd1dac112298.yaml b/nuclei-templates/2023/CVE-2023-33999-3abb05cceb0c37182b5ddd1dac112298.yaml
new file mode 100644
index 0000000000..2b2fecf4f2
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3abb05cceb0c37182b5ddd1dac112298.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3abb05cceb0c37182b5ddd1dac112298
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woo-coupon-usage/"
+ google-query: inurl:"/wp-content/plugins/woo-coupon-usage/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-coupon-usage"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.5.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3b294966561be1d58194e0f9b0fd82f5.yaml b/nuclei-templates/2023/CVE-2023-33999-3b294966561be1d58194e0f9b0fd82f5.yaml
new file mode 100644
index 0000000000..e84de9a84e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3b294966561be1d58194e0f9b0fd82f5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3b294966561be1d58194e0f9b0fd82f5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/front-end-pm/"
+ google-query: inurl:"/wp-content/plugins/front-end-pm/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,front-end-pm,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/front-end-pm/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "front-end-pm"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 11.2.3', '<= 11.3.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3b3d5815e62b9d66f7ac885fc805b1d9.yaml b/nuclei-templates/2023/CVE-2023-33999-3b3d5815e62b9d66f7ac885fc805b1d9.yaml
new file mode 100644
index 0000000000..efbcf32761
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3b3d5815e62b9d66f7ac885fc805b1d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3b3d5815e62b9d66f7ac885fc805b1d9
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/foogallery/"
+ google-query: inurl:"/wp-content/plugins/foogallery/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,foogallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foogallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.3.29', '<= 2.2.41')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3b6b758acbcbb2a3e83cef65cc6e6245.yaml b/nuclei-templates/2023/CVE-2023-33999-3b6b758acbcbb2a3e83cef65cc6e6245.yaml
new file mode 100644
index 0000000000..6abc86605e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3b6b758acbcbb2a3e83cef65cc6e6245.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3b6b758acbcbb2a3e83cef65cc6e6245
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/broadcast-lite/"
+ google-query: inurl:"/wp-content/themes/broadcast-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,broadcast-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/broadcast-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "broadcast-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0.1', '<= 2.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3c90561f6d67c7a0c3de393e6ddad07f.yaml b/nuclei-templates/2023/CVE-2023-33999-3c90561f6d67c7a0c3de393e6ddad07f.yaml
new file mode 100644
index 0000000000..4fb0cf3cfb
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3c90561f6d67c7a0c3de393e6ddad07f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3c90561f6d67c7a0c3de393e6ddad07f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/magic-post-thumbnail/"
+ google-query: inurl:"/wp-content/plugins/magic-post-thumbnail/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,magic-post-thumbnail,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/magic-post-thumbnail/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "magic-post-thumbnail"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.4.3', '<= 4.1.12')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3cc4d15bcda79cdbe9e35b6ee0725e54.yaml b/nuclei-templates/2023/CVE-2023-33999-3cc4d15bcda79cdbe9e35b6ee0725e54.yaml
new file mode 100644
index 0000000000..f6baff3c3c
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3cc4d15bcda79cdbe9e35b6ee0725e54.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3cc4d15bcda79cdbe9e35b6ee0725e54
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ocean-extra/"
+ google-query: inurl:"/wp-content/plugins/ocean-extra/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ocean-extra,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ocean-extra"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.5.12', '<= 2.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3dd095e254c8ac8dbc50856bb4093e03.yaml b/nuclei-templates/2023/CVE-2023-33999-3dd095e254c8ac8dbc50856bb4093e03.yaml
new file mode 100644
index 0000000000..c88dba3746
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3dd095e254c8ac8dbc50856bb4093e03.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3dd095e254c8ac8dbc50856bb4093e03
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/"
+ google-query: inurl:"/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,exportfeed-for-woocommerce-product-to-etsy,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "exportfeed-for-woocommerce-product-to-etsy"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-3f86c973b06c71bff09f1f48c813e391.yaml b/nuclei-templates/2023/CVE-2023-33999-3f86c973b06c71bff09f1f48c813e391.yaml
new file mode 100644
index 0000000000..f1c52209e4
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-3f86c973b06c71bff09f1f48c813e391.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-3f86c973b06c71bff09f1f48c813e391
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/"
+ google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bdthemes-prime-slider-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-400f48f07176c38f6bfd2ac0a3435491.yaml b/nuclei-templates/2023/CVE-2023-33999-400f48f07176c38f6bfd2ac0a3435491.yaml
new file mode 100644
index 0000000000..0ea5cb8717
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-400f48f07176c38f6bfd2ac0a3435491.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-400f48f07176c38f6bfd2ac0a3435491
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-country-based-payments/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-country-based-payments/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woocommerce-country-based-payments,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-country-based-payments/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-country-based-payments"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.2.0', '<= 1.4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-407d37a92ab4b1ccb9dc3c5ebe8c3e85.yaml b/nuclei-templates/2023/CVE-2023-33999-407d37a92ab4b1ccb9dc3c5ebe8c3e85.yaml
new file mode 100644
index 0000000000..1dbbafd5f7
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-407d37a92ab4b1ccb9dc3c5ebe8c3e85.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-407d37a92ab4b1ccb9dc3c5ebe8c3e85
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/webba-booking-lite/"
+ google-query: inurl:"/wp-content/plugins/webba-booking-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,webba-booking-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/webba-booking-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "webba-booking-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.5.28')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-41df70ede2c57fa0e2001d914ff03632.yaml b/nuclei-templates/2023/CVE-2023-33999-41df70ede2c57fa0e2001d914ff03632.yaml
new file mode 100644
index 0000000000..c5d0fc5be4
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-41df70ede2c57fa0e2001d914ff03632.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-41df70ede2c57fa0e2001d914ff03632
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-product-payments/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-product-payments/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woocommerce-product-payments,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-product-payments/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-product-payments"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0.0', '<= 3.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-4286047d05dd9aee33d1e420d603bd79.yaml b/nuclei-templates/2023/CVE-2023-33999-4286047d05dd9aee33d1e420d603bd79.yaml
new file mode 100644
index 0000000000..fd51d9e0eb
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-4286047d05dd9aee33d1e420d603bd79.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-4286047d05dd9aee33d1e420d603bd79
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/sky-login-redirect/"
+ google-query: inurl:"/wp-content/plugins/sky-login-redirect/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,sky-login-redirect,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sky-login-redirect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sky-login-redirect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.7.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-4473586c450628adc1500c2b570548da.yaml b/nuclei-templates/2023/CVE-2023-33999-4473586c450628adc1500c2b570548da.yaml
new file mode 100644
index 0000000000..9689935c92
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-4473586c450628adc1500c2b570548da.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-4473586c450628adc1500c2b570548da
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wow-carousel-for-divi-lite/"
+ google-query: inurl:"/wp-content/plugins/wow-carousel-for-divi-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wow-carousel-for-divi-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wow-carousel-for-divi-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wow-carousel-for-divi-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.11')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-45ca34211dd61162be5e88c9fc71b6b4.yaml b/nuclei-templates/2023/CVE-2023-33999-45ca34211dd61162be5e88c9fc71b6b4.yaml
new file mode 100644
index 0000000000..17c1825311
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-45ca34211dd61162be5e88c9fc71b6b4.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-45ca34211dd61162be5e88c9fc71b6b4 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/product-delivery-date/" + google-query: inurl:"/wp-content/plugins/product-delivery-date/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,product-delivery-date,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-delivery-date/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-delivery-date" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.1.0', '<= 1.1.4') \ No newline at end of file 
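Review bot: `info.name` here is `Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get`, the same string as in the sibling templates, while the range the `dsl` matcher tests is the plugin's own readme version (`'>= 1.1.0', '<= 1.1.4'`). A result can then only be attributed to a plugin through the `tags` line or the hash in `id`. Putting the slug and tested range in the name would make scan output triageable, e.g. `product-delivery-date 1.1.0 - 1.1.4 (bundles Freemius SDK <= 2.5.9) - Reflected Cross-Site Scripting`. Separately, `name: >` and `description: >` keep a trailing newline in the value; `>-` strips it.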
diff --git a/nuclei-templates/2023/CVE-2023-33999-471c93f37f2109643ce7bc9540a68878.yaml b/nuclei-templates/2023/CVE-2023-33999-471c93f37f2109643ce7bc9540a68878.yaml new file mode 100644 index 0000000000..08f5fc89ce --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-471c93f37f2109643ce7bc9540a68878.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-471c93f37f2109643ce7bc9540a68878 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/postcode-redirect/" + google-query: inurl:"/wp-content/plugins/postcode-redirect/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,postcode-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postcode-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postcode-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.1', '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-47337ccfe08faf67dde27a363f121413.yaml b/nuclei-templates/2023/CVE-2023-33999-47337ccfe08faf67dde27a363f121413.yaml new file mode 100644 index 0000000000..7479a637d9 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-47337ccfe08faf67dde27a363f121413.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-47337ccfe08faf67dde27a363f121413 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/sv-provenexpert/" + google-query: inurl:"/wp-content/plugins/sv-provenexpert/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,sv-provenexpert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sv-provenexpert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sv-provenexpert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.00') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4a63c5468f29a0075aa99394a352445b.yaml b/nuclei-templates/2023/CVE-2023-33999-4a63c5468f29a0075aa99394a352445b.yaml new file mode 100644 index 0000000000..cd3e39e960 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4a63c5468f29a0075aa99394a352445b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4a63c5468f29a0075aa99394a352445b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/sites-monitor/" + google-query: inurl:"/wp-content/plugins/sites-monitor/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,sites-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sites-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sites-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.0.7', '<= 0.0.8') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-4a6d5385f15bd151028e5eac2eb555cc.yaml b/nuclei-templates/2023/CVE-2023-33999-4a6d5385f15bd151028e5eac2eb555cc.yaml new file mode 100644 index 0000000000..1788494dc6 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-4a6d5385f15bd151028e5eac2eb555cc.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-4a6d5385f15bd151028e5eac2eb555cc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wps-team/" + google-query: inurl:"/wp-content/plugins/wps-team/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wps-team,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.7.0') \ No newline at end of file 
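Review bot: The `extractors` list declares two entries with the same `name: version`, `part: body`, `group: 1` and regex, differing only in `internal: true` on the first. The hunk does not say why both exist. If the first feeds the `dsl` matcher and the second only prints the value in results, a comment on each (`# internal: consumed by compare_versions below`, `# reported in scan output`) or a distinct name for the reported one would prevent a later edit from changing one regex and not the other. The same pair appears in the other templates added alongside this one.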
diff --git a/nuclei-templates/2023/CVE-2023-33999-4aa46e0916cc40ddf7204aa80d19ad15.yaml b/nuclei-templates/2023/CVE-2023-33999-4aa46e0916cc40ddf7204aa80d19ad15.yaml new file mode 100644 index 0000000000..118fc5342f --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4aa46e0916cc40ddf7204aa80d19ad15.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4aa46e0916cc40ddf7204aa80d19ad15 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-shipping-display-mode/" + google-query: inurl:"/wp-content/plugins/woo-shipping-display-mode/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-shipping-display-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-shipping-display-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-shipping-display-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.4', '<= 3.7.6') \ No newline at end of file 
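Review bot: The three matchers under `matchers-condition: and` establish only that a 200 response, after up to three followed redirects, contains the slug and a `Stable tag` within `'>= 3.4', '<= 3.7.6'`. Nothing in the hunk checks that the installed plugin code matches that readme, and whether the slug appears in the readme body at all is an assumption. A medium-severity hit is therefore an inference from the readme, and a readme that never mentions the slug would be a silent miss. I would state this in the template, e.g. a comment above `matchers:` reading `# version-based inference from readme.txt only; confirm the installed plugin version before filing`. This applies equally to the other templates in this commit, which share the same matcher block.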
diff --git a/nuclei-templates/2023/CVE-2023-33999-4aed218a87ebf42415329fdd668ffafa.yaml b/nuclei-templates/2023/CVE-2023-33999-4aed218a87ebf42415329fdd668ffafa.yaml new file mode 100644 index 0000000000..8da478fe1c --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4aed218a87ebf42415329fdd668ffafa.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4aed218a87ebf42415329fdd668ffafa + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/autocomplete-address-and-location-picker-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/autocomplete-address-and-location-picker-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,autocomplete-address-and-location-picker-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autocomplete-address-and-location-picker-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autocomplete-address-and-location-picker-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4b4f2acd1c04e99503b23c4b0a2f1d31.yaml b/nuclei-templates/2023/CVE-2023-33999-4b4f2acd1c04e99503b23c4b0a2f1d31.yaml new file mode 100644 index 0000000000..901c8c4c14 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4b4f2acd1c04e99503b23c4b0a2f1d31.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4b4f2acd1c04e99503b23c4b0a2f1d31 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/surbma-magyar-woocommerce/" + google-query: inurl:"/wp-content/plugins/surbma-magyar-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,surbma-magyar-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surbma-magyar-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surbma-magyar-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 30.3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4b564dcba19eaab644cee0d3de990f64.yaml b/nuclei-templates/2023/CVE-2023-33999-4b564dcba19eaab644cee0d3de990f64.yaml new file mode 100644 index 0000000000..9d7076d001 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4b564dcba19eaab644cee0d3de990f64.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4b564dcba19eaab644cee0d3de990f64 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/featured-products-first-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/featured-products-first-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,featured-products-first-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-products-first-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-products-first-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 1.9.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4c06a6dee10fec7bbb82718df0434637.yaml b/nuclei-templates/2023/CVE-2023-33999-4c06a6dee10fec7bbb82718df0434637.yaml new file mode 100644 index 0000000000..e22dff7820 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4c06a6dee10fec7bbb82718df0434637.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4c06a6dee10fec7bbb82718df0434637 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-advanced-product-size-chart/" + google-query: inurl:"/wp-content/plugins/woo-advanced-product-size-chart/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-advanced-product-size-chart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advanced-product-size-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advanced-product-size-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.1', '<= 2.4.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4c6692197b34cf634659d8481ee4a5d0.yaml b/nuclei-templates/2023/CVE-2023-33999-4c6692197b34cf634659d8481ee4a5d0.yaml new file mode 100644 index 0000000000..94489686cd --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4c6692197b34cf634659d8481ee4a5d0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4c6692197b34cf634659d8481ee4a5d0 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-authorize-net-gateway-aim/" + google-query: inurl:"/wp-content/plugins/woo-authorize-net-gateway-aim/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-authorize-net-gateway-aim,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-authorize-net-gateway-aim/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-authorize-net-gateway-aim" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.0.0', '<= 6.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4d1b8d9e5762086ecb5261c5935fcd67.yaml b/nuclei-templates/2023/CVE-2023-33999-4d1b8d9e5762086ecb5261c5935fcd67.yaml new file mode 100644 index 0000000000..00d94a2beb --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4d1b8d9e5762086ecb5261c5935fcd67.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4d1b8d9e5762086ecb5261c5935fcd67 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/music-player-for-elementor/" + google-query: inurl:"/wp-content/plugins/music-player-for-elementor/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,music-player-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/music-player-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "music-player-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5', '<= 1.5.9.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4ec35eddca061169c30b35444fbef74f.yaml b/nuclei-templates/2023/CVE-2023-33999-4ec35eddca061169c30b35444fbef74f.yaml new file mode 100644 index 0000000000..c6f27b64bc --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4ec35eddca061169c30b35444fbef74f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4ec35eddca061169c30b35444fbef74f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-gateway-per-product/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-gateway-per-product/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-gateway-per-product,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-gateway-per-product/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-gateway-per-product" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.3.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4f9421e83abc8397edae2e063ee5f3cb.yaml b/nuclei-templates/2023/CVE-2023-33999-4f9421e83abc8397edae2e063ee5f3cb.yaml new file mode 100644 index 0000000000..693bea6b41 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4f9421e83abc8397edae2e063ee5f3cb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4f9421e83abc8397edae2e063ee5f3cb + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/simple-feature-requests/" + google-query: inurl:"/wp-content/plugins/simple-feature-requests/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,simple-feature-requests,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-feature-requests/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-feature-requests" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 2.2.4') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-4fc1e13b4e35c0b5476654b962705ee0.yaml b/nuclei-templates/2023/CVE-2023-33999-4fc1e13b4e35c0b5476654b962705ee0.yaml new file mode 100644 index 0000000000..6ece47fb5b --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-4fc1e13b4e35c0b5476654b962705ee0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-4fc1e13b4e35c0b5476654b962705ee0 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/annasta-woocommerce-product-filters/" + google-query: inurl:"/wp-content/plugins/annasta-woocommerce-product-filters/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,annasta-woocommerce-product-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/annasta-woocommerce-product-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "annasta-woocommerce-product-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.5', '<= 1.6.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-508a4d3d25519366f61455419e2d2cd6.yaml b/nuclei-templates/2023/CVE-2023-33999-508a4d3d25519366f61455419e2d2cd6.yaml new file mode 100644 index 0000000000..ec804757c7 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-508a4d3d25519366f61455419e2d2cd6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-508a4d3d25519366f61455419e2d2cd6 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/web3-token-gate/" + google-query: inurl:"/wp-content/plugins/web3-token-gate/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,web3-token-gate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web3-token-gate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web3-token-gate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-51744e139fddae0aae1f3d282c843887.yaml b/nuclei-templates/2023/CVE-2023-33999-51744e139fddae0aae1f3d282c843887.yaml new file mode 100644 index 0000000000..2044e1fbb4 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-51744e139fddae0aae1f3d282c843887.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-51744e139fddae0aae1f3d282c843887 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/rest-routes/" + google-query: inurl:"/wp-content/plugins/rest-routes/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,rest-routes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rest-routes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rest-routes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.2', '<= 5.5.2') \ No newline at end of file 
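Review bot: The dsl matcher `compare_versions(version, '>= 2.0.2', '<= 5.5.2')` raises a medium-severity finding from the readme's `Stable tag` alone, and nothing in the template says so. The bundled Freemius SDK version is never read, so a stale or edited readme.txt, or a plugin whose SDK was patched separately, would presumably still match. I would add a comment above the matcher, `# version inferred from readme.txt Stable tag; does not confirm the bundled Freemius SDK version`, and one sentence to the same effect in `description`. The other templates in this diff rely on the same inference.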
diff --git a/nuclei-templates/2023/CVE-2023-33999-517705b7a4d29809c8e0a6e66daf897f.yaml b/nuclei-templates/2023/CVE-2023-33999-517705b7a4d29809c8e0a6e66daf897f.yaml
new file mode 100644
index 0000000000..68036859b5
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-517705b7a4d29809c8e0a6e66daf897f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-517705b7a4d29809c8e0a6e66daf897f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/ethereumico/" + google-query: inurl:"/wp-content/plugins/ethereumico/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,ethereumico,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ethereumico/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ethereumico" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-51f07dcfa67c7fde12b50244e4762c13.yaml b/nuclei-templates/2023/CVE-2023-33999-51f07dcfa67c7fde12b50244e4762c13.yaml new file mode 100644 index 0000000000..e107c78be8 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-51f07dcfa67c7fde12b50244e4762c13.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-51f07dcfa67c7fde12b50244e4762c13 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/contact-list/" + google-query: inurl:"/wp-content/plugins/contact-list/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,contact-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9.24', '<= 2.9.69') \ No newline at end of file 
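Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` requires exactly one space after the colon and has no `^` anchor, so the `m` flag has no effect. A readme that writes the header with a tab or extra spaces then yields no `version`, leaving the dsl matcher nothing to compare. Anchoring and loosening the whitespace avoids that miss: `- '(?mi)^Stable tag:[ \t]*([0-9.]+)'`, single-quoted so the backslash stays literal. A readme with `Stable tag: trunk` still produces no version and therefore no match, which deserves a comment next to the extractor. Both extractors here and in the other templates of this diff use the same pattern.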
diff --git a/nuclei-templates/2023/CVE-2023-33999-524711a13e6f4e756e6765ea452a64c8.yaml b/nuclei-templates/2023/CVE-2023-33999-524711a13e6f4e756e6765ea452a64c8.yaml
new file mode 100644
index 0000000000..5f4f229d81
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-524711a13e6f4e756e6765ea452a64c8.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-524711a13e6f4e756e6765ea452a64c8 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/print-my-blog/" + google-query: inurl:"/wp-content/plugins/print-my-blog/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,print-my-blog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-my-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-my-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.3.0', '<= 3.25.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-527f4052bd22e7c1ac7c05f303293c04.yaml b/nuclei-templates/2023/CVE-2023-33999-527f4052bd22e7c1ac7c05f303293c04.yaml new file mode 100644 index 0000000000..6da7d598f4 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-527f4052bd22e7c1ac7c05f303293c04.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-527f4052bd22e7c1ac7c05f303293c04 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0', '<= 7.1.0') \ No newline at end of file 
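Review bot: The `name` field is identical in every template of this diff and never mentions the plugin, so results can be told apart only by the hashed `id` and the tags. Naming the plugin and its affected range makes triage possible from scan output, for example `advanced-page-visit-counter 3.0 - 7.1.0 (Freemius SDK <= 2.5.9) - Reflected Cross-Site Scripting via fs_request_get`. Writing `name: >-` instead of `name: >` would also drop the trailing newline that the folded scalar adds to the value.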
diff --git a/nuclei-templates/2023/CVE-2023-33999-52d61dc4dd228bd07417a9acd45a6e56.yaml b/nuclei-templates/2023/CVE-2023-33999-52d61dc4dd228bd07417a9acd45a6e56.yaml
new file mode 100644
index 0000000000..743d589188
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-52d61dc4dd228bd07417a9acd45a6e56.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-52d61dc4dd228bd07417a9acd45a6e56 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/quick-contact-form/" + google-query: inurl:"/wp-content/plugins/quick-contact-form/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,quick-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.0.0', '<= 8.0.6.6') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-52ecaf1a9f285fec49ab306bcebe1971.yaml b/nuclei-templates/2023/CVE-2023-33999-52ecaf1a9f285fec49ab306bcebe1971.yaml new file mode 100644 index 0000000000..8fd8006f62 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-52ecaf1a9f285fec49ab306bcebe1971.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-52ecaf1a9f285fec49ab306bcebe1971 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-transactions/" + google-query: inurl:"/wp-content/plugins/wp-transactions/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-transactions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-transactions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-transactions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-531cdef0897190bd5bf5b3cdd0b82c83.yaml b/nuclei-templates/2023/CVE-2023-33999-531cdef0897190bd5bf5b3cdd0b82c83.yaml
new file mode 100644
index 0000000000..57bf071bbb
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-531cdef0897190bd5bf5b3cdd0b82c83.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-531cdef0897190bd5bf5b3cdd0b82c83 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/xt-woo-points-rewards/" + google-query: inurl:"/wp-content/plugins/xt-woo-points-rewards/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,xt-woo-points-rewards,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xt-woo-points-rewards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xt-woo-points-rewards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.3.5', '<= 1.6.4') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-53e76a862c1c20a1f14edf4ce48645e7.yaml b/nuclei-templates/2023/CVE-2023-33999-53e76a862c1c20a1f14edf4ce48645e7.yaml
new file mode 100644
index 0000000000..7a79090f07
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-53e76a862c1c20a1f14edf4ce48645e7.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-53e76a862c1c20a1f14edf4ce48645e7 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/multipurpose-block/" + google-query: inurl:"/wp-content/plugins/multipurpose-block/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,multipurpose-block,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multipurpose-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multipurpose-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.3', '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-54401055a1429030cdba144434762f74.yaml b/nuclei-templates/2023/CVE-2023-33999-54401055a1429030cdba144434762f74.yaml new file mode 100644 index 0000000000..70cb3d751b 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-54401055a1429030cdba144434762f74.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-54401055a1429030cdba144434762f74 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,mycred,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-561651b178b9df86ab78737b54bf0942.yaml b/nuclei-templates/2023/CVE-2023-33999-561651b178b9df86ab78737b54bf0942.yaml
new file mode 100644
index 0000000000..440298405b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-561651b178b9df86ab78737b54bf0942.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-561651b178b9df86ab78737b54bf0942 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/auto-advance-for-gravity-forms/" + google-query: inurl:"/wp-content/plugins/auto-advance-for-gravity-forms/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,auto-advance-for-gravity-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-advance-for-gravity-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-advance-for-gravity-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-56c633c60882b337c1f16d30c0f9fb74.yaml b/nuclei-templates/2023/CVE-2023-33999-56c633c60882b337c1f16d30c0f9fb74.yaml
new file mode 100644
index 0000000000..2b541b31ee
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-56c633c60882b337c1f16d30c0f9fb74.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-56c633c60882b337c1f16d30c0f9fb74 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/momo-venmo/" + google-query: inurl:"/wp-content/plugins/momo-venmo/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,momo-venmo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/momo-venmo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "momo-venmo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-5758cf0ae460a11db6d529949d668f87.yaml b/nuclei-templates/2023/CVE-2023-33999-5758cf0ae460a11db6d529949d668f87.yaml new file mode 100644 index 0000000000..c996a5f0bb --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-5758cf0ae460a11db6d529949d668f87.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-5758cf0ae460a11db6d529949d668f87 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/livemesh-weight-based-shipping/" + google-query: inurl:"/wp-content/plugins/livemesh-weight-based-shipping/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,livemesh-weight-based-shipping,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/livemesh-weight-based-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "livemesh-weight-based-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-575a88664a772e013595b43c4da74e9f.yaml b/nuclei-templates/2023/CVE-2023-33999-575a88664a772e013595b43c4da74e9f.yaml
new file mode 100644
index 0000000000..7fdc458dad
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-575a88664a772e013595b43c4da74e9f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-575a88664a772e013595b43c4da74e9f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/copy-the-code/" + google-query: inurl:"/wp-content/plugins/copy-the-code/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,copy-the-code,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-the-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-the-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.3.0', '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-57a16db3a81ee9a61c9349716618343c.yaml b/nuclei-templates/2023/CVE-2023-33999-57a16db3a81ee9a61c9349716618343c.yaml new file mode 100644 index 0000000000..cbf8b9272b --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-57a16db3a81ee9a61c9349716618343c.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-57a16db3a81ee9a61c9349716618343c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/checkbox/" + google-query: inurl:"/wp-content/plugins/checkbox/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,checkbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.3') \ No newline at end of file 
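Review bot: The word matcher `- "checkbox"` is a case-sensitive substring test on a very common word, so it adds almost nothing to the status and version checks as evidence that the response is this plugin's readme. A stricter identity check would match the readme's title line instead, for example `- "=== <plugin title from readme.txt> ==="` with the real title filled in. Short slugs in other templates of this diff, such as `mycred`, have the same weakness to a lesser degree.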
diff --git a/nuclei-templates/2023/CVE-2023-33999-58ba91ad01268ee4579995a8f0a1976e.yaml b/nuclei-templates/2023/CVE-2023-33999-58ba91ad01268ee4579995a8f0a1976e.yaml
new file mode 100644
index 0000000000..aded120bbc
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-58ba91ad01268ee4579995a8f0a1976e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-58ba91ad01268ee4579995a8f0a1976e + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/joli-table-of-contents/" + google-query: inurl:"/wp-content/plugins/joli-table-of-contents/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,joli-table-of-contents,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joli-table-of-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joli-table-of-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 2.0.9') \ No newline at end of file 
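Review bot: The `name` and `description` fields describe only the Freemius SDK and are identical in every template of this series, while the check itself fingerprints the joli-table-of-contents plugin through its `readme.txt` Stable tag. A result is therefore a version-based inference, not confirmation that a vulnerable SDK copy is bundled, and the plugin is identifiable only from `tags` and the request path. I would append a sentence to `description` such as `Detection is version-based: it compares the plugin's readme.txt Stable tag and does not verify the bundled Freemius SDK version.` and include the plugin slug in `name` so findings can be triaged per plugin. The same applies to the other CVE-2023-33999 templates in this diff.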
diff --git a/nuclei-templates/2023/CVE-2023-33999-58bacfa093d888d986d312c32149a2bf.yaml b/nuclei-templates/2023/CVE-2023-33999-58bacfa093d888d986d312c32149a2bf.yaml new file mode 100644 index 0000000000..50dec5dd08 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-58bacfa093d888d986d312c32149a2bf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-58bacfa093d888d986d312c32149a2bf + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.74') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-58d290155a0a6a664e750d2f28163140.yaml b/nuclei-templates/2023/CVE-2023-33999-58d290155a0a6a664e750d2f28163140.yaml new file mode 100644 index 0000000000..0cd6aafab5 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-58d290155a0a6a664e750d2f28163140.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-58d290155a0a6a664e750d2f28163140 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-google-places-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-places-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-places-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 11.2', '<= 12.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-5974be3e2f516cf62133febb08a88b2c.yaml b/nuclei-templates/2023/CVE-2023-33999-5974be3e2f516cf62133febb08a88b2c.yaml new file mode 100644 index 0000000000..289d61699b --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-5974be3e2f516cf62133febb08a88b2c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-5974be3e2f516cf62133febb08a88b2c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/post-list-designer/" + google-query: inurl:"/wp-content/plugins/post-list-designer/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,post-list-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-list-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-list-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-598568f0b38967d8bc3e441d44e050af.yaml b/nuclei-templates/2023/CVE-2023-33999-598568f0b38967d8bc3e441d44e050af.yaml new file mode 100644 index 0000000000..d424f181d9 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-598568f0b38967d8bc3e441d44e050af.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-598568f0b38967d8bc3e441d44e050af + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/hotelica/" + google-query: inurl:"/wp-content/themes/hotelica/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,hotelica,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hotelica/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotelica" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-5b61148fadea6d55c7467eb0ea487bcc.yaml b/nuclei-templates/2023/CVE-2023-33999-5b61148fadea6d55c7467eb0ea487bcc.yaml new file mode 100644 index 0000000000..f728a04632 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-5b61148fadea6d55c7467eb0ea487bcc.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-5b61148fadea6d55c7467eb0ea487bcc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/caxton/" + google-query: inurl:"/wp-content/plugins/caxton/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,caxton,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caxton/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caxton" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-5be5593362da9c2e172dc173bc852d2d.yaml b/nuclei-templates/2023/CVE-2023-33999-5be5593362da9c2e172dc173bc852d2d.yaml new file mode 100644 index 0000000000..eef4ba1d51 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-5be5593362da9c2e172dc173bc852d2d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-5be5593362da9c2e172dc173bc852d2d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wc-thanks-redirect/" + google-query: inurl:"/wp-content/plugins/wc-thanks-redirect/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wc-thanks-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-thanks-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-thanks-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-60a2d090444ceb108e76e323c4f8ea70.yaml b/nuclei-templates/2023/CVE-2023-33999-60a2d090444ceb108e76e323c4f8ea70.yaml new file mode 100644 index 0000000000..396fabbb26 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-60a2d090444ceb108e76e323c4f8ea70.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-60a2d090444ceb108e76e323c4f8ea70 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,webinar-ignition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.01.2') \ No newline at end of file 
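Review bot: The version check `compare_versions(version, '3.01.2')` carries no comparison operator, unlike the `<=` and `>=`/`<=` constraints in the sibling templates of this diff. As far as I can tell a bare version is treated as an equality constraint, so only an install reporting exactly that Stable tag would match and every other release of webinar-ignition is reported as unaffected. If a single release really is the affected set, spell it out as `- compare_versions(version, '= 3.01.2')` with a comment naming the advisory as the source. If a range was meant, the bound needs an operator, as in the other templates.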
diff --git a/nuclei-templates/2023/CVE-2023-33999-60eb31ce9e821faad87d7c7bf8a3fcdb.yaml b/nuclei-templates/2023/CVE-2023-33999-60eb31ce9e821faad87d7c7bf8a3fcdb.yaml new file mode 100644 index 0000000000..9c2f7f6d81 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-60eb31ce9e821faad87d7c7bf8a3fcdb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-60eb31ce9e821faad87d7c7bf8a3fcdb + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-contact-slider/" + google-query: inurl:"/wp-content/plugins/wp-contact-slider/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-contact-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contact-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contact-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-61068f4fd53c844a9ab83bb31c511614.yaml b/nuclei-templates/2023/CVE-2023-33999-61068f4fd53c844a9ab83bb31c511614.yaml new file mode 100644 index 0000000000..99c8d94f70 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-61068f4fd53c844a9ab83bb31c511614.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-61068f4fd53c844a9ab83bb31c511614 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/seo-booster/" + google-query: inurl:"/wp-content/plugins/seo-booster/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,seo-booster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.3.30', '<= 3.8.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-61add13408b309006eb687914f422212.yaml b/nuclei-templates/2023/CVE-2023-33999-61add13408b309006eb687914f422212.yaml new file mode 100644 index 0000000000..48371dffb6 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-61add13408b309006eb687914f422212.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-61add13408b309006eb687914f422212 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/comments-not-replied-to/" + google-query: inurl:"/wp-content/plugins/comments-not-replied-to/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,comments-not-replied-to,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-not-replied-to/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-not-replied-to" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5.0', '<= 1.5.7') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-62b0ed496a88c89364d94e261e19201c.yaml b/nuclei-templates/2023/CVE-2023-33999-62b0ed496a88c89364d94e261e19201c.yaml new file mode 100644 index 0000000000..d7115e741c --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-62b0ed496a88c89364d94e261e19201c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-62b0ed496a88c89364d94e261e19201c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/gutenslider/" + google-query: inurl:"/wp-content/plugins/gutenslider/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,gutenslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.6.3', '<= 5.10.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-634443f6858ee8e228494e9f766adcbc.yaml b/nuclei-templates/2023/CVE-2023-33999-634443f6858ee8e228494e9f766adcbc.yaml new file mode 100644 index 0000000000..c94e87dda0 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-634443f6858ee8e228494e9f766adcbc.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-634443f6858ee8e228494e9f766adcbc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/widgets-on-pages/" + google-query: inurl:"/wp-content/plugins/widgets-on-pages/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,widgets-on-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-on-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-on-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-63d0d65e5dca2ba9321ce3be427545a6.yaml b/nuclei-templates/2023/CVE-2023-33999-63d0d65e5dca2ba9321ce3be427545a6.yaml new file mode 100644 index 0000000000..b3111459b3 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-63d0d65e5dca2ba9321ce3be427545a6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-63d0d65e5dca2ba9321ce3be427545a6 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-travel-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-6425cb692780436f55291beb311c72dc.yaml b/nuclei-templates/2023/CVE-2023-33999-6425cb692780436f55291beb311c72dc.yaml new file mode 100644 index 0000000000..cb666129e4 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-6425cb692780436f55291beb311c72dc.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-6425cb692780436f55291beb311c72dc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/post-snippets/" + google-query: inurl:"/wp-content/plugins/post-snippets/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,post-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 4.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-6537ae8ea90a94ee2341edbf379311ab.yaml b/nuclei-templates/2023/CVE-2023-33999-6537ae8ea90a94ee2341edbf379311ab.yaml
new file mode 100644
index 0000000000..373e6cfed8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6537ae8ea90a94ee2341edbf379311ab.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6537ae8ea90a94ee2341edbf379311ab
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ajax-search-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ajax-search-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1.7', '<= 1.24.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-65443ed138fd67201f0983d4224e7723.yaml b/nuclei-templates/2023/CVE-2023-33999-65443ed138fd67201f0983d4224e7723.yaml
new file mode 100644
index 0000000000..4ed4f0f74c
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-65443ed138fd67201f0983d4224e7723.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-65443ed138fd67201f0983d4224e7723
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/simple-sitemap/"
+ google-query: inurl:"/wp-content/plugins/simple-sitemap/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,simple-sitemap,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-sitemap/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-sitemap"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.2', '<= 3.5.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-66b16940c4b193bebaf6079d1447eee8.yaml b/nuclei-templates/2023/CVE-2023-33999-66b16940c4b193bebaf6079d1447eee8.yaml
new file mode 100644
index 0000000000..2cc6945382
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-66b16940c4b193bebaf6079d1447eee8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-66b16940c4b193bebaf6079d1447eee8
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/cheetaho-image-optimizer/"
+ google-query: inurl:"/wp-content/plugins/cheetaho-image-optimizer/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,cheetaho-image-optimizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cheetaho-image-optimizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cheetaho-image-optimizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6875e1c93dbc3f70c2faf4f9e3ac1e57.yaml b/nuclei-templates/2023/CVE-2023-33999-6875e1c93dbc3f70c2faf4f9e3ac1e57.yaml
new file mode 100644
index 0000000000..19801becd7
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6875e1c93dbc3f70c2faf4f9e3ac1e57.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6875e1c93dbc3f70c2faf4f9e3ac1e57
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/update-urls/"
+ google-query: inurl:"/wp-content/plugins/update-urls/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,update-urls,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/update-urls/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "update-urls"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '1.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-68787379c9dd819c5e6dacd83c95dbb5.yaml b/nuclei-templates/2023/CVE-2023-33999-68787379c9dd819c5e6dacd83c95dbb5.yaml
new file mode 100644
index 0000000000..e7439f3c24
--- /dev/null
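Review bot: `compare_versions(version, '1.2.1')` in the update-urls template carries no comparison operator, which as far as I can tell the constraint parsing treats as equality, so the template fires only on exactly 1.2.1 while the sibling templates use `<=` ranges. If the advisory covers every release up to 1.2.1 this should read `compare_versions(version, '<= 1.2.1')`; if only that one release is affected, `'= 1.2.1'` states the intent explicitly and survives a later regeneration being read as a dropped operator. The geounit-maps template further down in this diff has the same form with `'0.0.6'`.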
+++ b/nuclei-templates/2023/CVE-2023-33999-68787379c9dd819c5e6dacd83c95dbb5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-68787379c9dd819c5e6dacd83c95dbb5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/email-tracker/"
+ google-query: inurl:"/wp-content/plugins/email-tracker/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,email-tracker,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/email-tracker/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "email-tracker"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.3.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-694fc226fb09e6620949468f7d3a2275.yaml b/nuclei-templates/2023/CVE-2023-33999-694fc226fb09e6620949468f7d3a2275.yaml
new file mode 100644
index 0000000000..4130dea8b3
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-694fc226fb09e6620949468f7d3a2275.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-694fc226fb09e6620949468f7d3a2275
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/market-exporter/"
+ google-query: inurl:"/wp-content/plugins/market-exporter/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,market-exporter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/market-exporter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "market-exporter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.5', '<= 2.0.18')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6b24d50a4fa61b2abf908eb8ed86a51e.yaml b/nuclei-templates/2023/CVE-2023-33999-6b24d50a4fa61b2abf908eb8ed86a51e.yaml
new file mode 100644
index 0000000000..cf553282fb
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6b24d50a4fa61b2abf908eb8ed86a51e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6b24d50a4fa61b2abf908eb8ed86a51e
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/where-did-they-go-from-here/"
+ google-query: inurl:"/wp-content/plugins/where-did-they-go-from-here/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,where-did-they-go-from-here,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/where-did-they-go-from-here/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "where-did-they-go-from-here"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6b58e6301deec7509f7f5fa049eaa5ac.yaml b/nuclei-templates/2023/CVE-2023-33999-6b58e6301deec7509f7f5fa049eaa5ac.yaml
new file mode 100644
index 0000000000..e2dde4d815
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6b58e6301deec7509f7f5fa049eaa5ac.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6b58e6301deec7509f7f5fa049eaa5ac
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ethereum-wallet/"
+ google-query: inurl:"/wp-content/plugins/ethereum-wallet/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ethereum-wallet,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ethereum-wallet/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ethereum-wallet"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.10.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6badf7b888f1d6aa42a32b659e24fb24.yaml b/nuclei-templates/2023/CVE-2023-33999-6badf7b888f1d6aa42a32b659e24fb24.yaml
new file mode 100644
index 0000000000..fe39a17ba0
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6badf7b888f1d6aa42a32b659e24fb24.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6badf7b888f1d6aa42a32b659e24fb24
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-persistent-login/"
+ google-query: inurl:"/wp-content/plugins/wp-persistent-login/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-persistent-login,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-persistent-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-persistent-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.14')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6d04bba3ea8a3d9b9149dd2685985b15.yaml b/nuclei-templates/2023/CVE-2023-33999-6d04bba3ea8a3d9b9149dd2685985b15.yaml
new file mode 100644
index 0000000000..5cc9c95e5c
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6d04bba3ea8a3d9b9149dd2685985b15.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6d04bba3ea8a3d9b9149dd2685985b15
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-blocks/"
+ google-query: inurl:"/wp-content/plugins/ultimate-blocks/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ultimate-blocks,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6dc0215a803a5be7a3619aaca1a5e3cf.yaml b/nuclei-templates/2023/CVE-2023-33999-6dc0215a803a5be7a3619aaca1a5e3cf.yaml
new file mode 100644
index 0000000000..297a3a0d53
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6dc0215a803a5be7a3619aaca1a5e3cf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6dc0215a803a5be7a3619aaca1a5e3cf
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/royal-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "royal-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.3', '<= 1.3.70')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-6fc1a24ba7e487425b1c4d1104bb47b4.yaml b/nuclei-templates/2023/CVE-2023-33999-6fc1a24ba7e487425b1c4d1104bb47b4.yaml
new file mode 100644
index 0000000000..39349e6c35
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-6fc1a24ba7e487425b1c4d1104bb47b4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-6fc1a24ba7e487425b1c4d1104bb47b4
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/limb-gallery/"
+ google-query: inurl:"/wp-content/plugins/limb-gallery/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,limb-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/limb-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "limb-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.4.9', '<= 1.5.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-72e6169161832fa0c35ff70dcfbe9309.yaml b/nuclei-templates/2023/CVE-2023-33999-72e6169161832fa0c35ff70dcfbe9309.yaml
new file mode 100644
index 0000000000..b499bf2f55
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-72e6169161832fa0c35ff70dcfbe9309.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-72e6169161832fa0c35ff70dcfbe9309
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/geounit-maps/"
+ google-query: inurl:"/wp-content/plugins/geounit-maps/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,geounit-maps,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/geounit-maps/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "geounit-maps"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '0.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-73148527d40f95a0394f6f9e410b52bf.yaml b/nuclei-templates/2023/CVE-2023-33999-73148527d40f95a0394f6f9e410b52bf.yaml
new file mode 100644
index 0000000000..27edc463b6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-73148527d40f95a0394f6f9e410b52bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-73148527d40f95a0394f6f9e410b52bf
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/fortune/"
+ google-query: inurl:"/wp-content/themes/fortune/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,fortune,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/fortune/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fortune"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-73318f7b2c2c604d6a976c179fae5ed5.yaml b/nuclei-templates/2023/CVE-2023-33999-73318f7b2c2c604d6a976c179fae5ed5.yaml
new file mode 100644
index 0000000000..fe23018e7c
--- /dev/null
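Review bot: The only content check tying the response to this theme is the word `fortune`, a common English word, looked up in a `style.css` served from a directory that any theme using the slug "fortune" would occupy. If an unrelated theme is installed under the same directory name with a `Version:` header of 2.0 or lower, it would be reported as affected by CVE-2023-33999 even though nothing shows it bundles the Freemius SDK. I would add a second entry under `words:` taken from this theme's own header block, e.g. `- "Theme URI: <THEME_URI_FROM_REAL_STYLESHEET>"`, together with `condition: and` on that matcher, so the match is anchored to the product rather than to the directory name.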
+++ b/nuclei-templates/2023/CVE-2023-33999-73318f7b2c2c604d6a976c179fae5ed5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-73318f7b2c2c604d6a976c179fae5ed5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/xt-woo-variation-swatches/"
+ google-query: inurl:"/wp-content/plugins/xt-woo-variation-swatches/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,xt-woo-variation-swatches,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/xt-woo-variation-swatches/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "xt-woo-variation-swatches"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.7.2', '<= 1.8.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-733c4e81a033a20498eb6d389218c4c0.yaml b/nuclei-templates/2023/CVE-2023-33999-733c4e81a033a20498eb6d389218c4c0.yaml new file mode 100644 index 0000000000..074ee51182 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-733c4e81a033a20498eb6d389218c4c0.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-733c4e81a033a20498eb6d389218c4c0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/tablesome/"
+ google-query: inurl:"/wp-content/plugins/tablesome/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,tablesome,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tablesome/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tablesome"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.14')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-736d0946070b04507076e9fd8a8bafc6.yaml b/nuclei-templates/2023/CVE-2023-33999-736d0946070b04507076e9fd8a8bafc6.yaml
new file mode 100644
index 0000000000..3603d318ff
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-736d0946070b04507076e9fd8a8bafc6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-736d0946070b04507076e9fd8a8bafc6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/f4-tree/"
+ google-query: inurl:"/wp-content/plugins/f4-tree/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,f4-tree,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/f4-tree/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "f4-tree"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1.0', '<= 1.1.14')
\ No newline at end of file
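Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to another host, so a readme.txt served from somewhere else can be matched and the finding reported against the scanned target. Nuclei's `host-redirects: true` restricts following to the original host; I would replace `redirects: true` with `host-redirects: true` and keep `max-redirects: 3`. Every template added in this commit carries the same request block.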
diff --git a/nuclei-templates/2023/CVE-2023-33999-7433061a76081d74bec3beccbb5522eb.yaml b/nuclei-templates/2023/CVE-2023-33999-7433061a76081d74bec3beccbb5522eb.yaml
new file mode 100644
index 0000000000..be9604ee04
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-7433061a76081d74bec3beccbb5522eb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-7433061a76081d74bec3beccbb5522eb
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/"
+ google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fuse-social-floating-sidebar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fuse-social-floating-sidebar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.1', '<= 5.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-789ef7ddca4b8d0c8f44b8246e9e3af0.yaml b/nuclei-templates/2023/CVE-2023-33999-789ef7ddca4b8d0c8f44b8246e9e3af0.yaml
new file mode 100644
index 0000000000..13d0b7448d
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-789ef7ddca4b8d0c8f44b8246e9e3af0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-789ef7ddca4b8d0c8f44b8246e9e3af0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bnfw/"
+ google-query: inurl:"/wp-content/plugins/bnfw/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bnfw,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bnfw/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bnfw"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.14')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-789f0ed572d34f0905a539ca89ceb048.yaml b/nuclei-templates/2023/CVE-2023-33999-789f0ed572d34f0905a539ca89ceb048.yaml
new file mode 100644
index 0000000000..622551d702
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-789f0ed572d34f0905a539ca89ceb048.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-789f0ed572d34f0905a539ca89ceb048
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-asset-clean-up/"
+ google-query: inurl:"/wp-content/plugins/wp-asset-clean-up/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-asset-clean-up,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-asset-clean-up/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-asset-clean-up"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-79ce60e4a55ba8d0f4b4864209ca19f2.yaml b/nuclei-templates/2023/CVE-2023-33999-79ce60e4a55ba8d0f4b4864209ca19f2.yaml
new file mode 100644
index 0000000000..b757f59707
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-79ce60e4a55ba8d0f4b4864209ca19f2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-79ce60e4a55ba8d0f4b4864209ca19f2
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/bingopress/"
+ google-query: inurl:"/wp-content/themes/bingopress/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,bingopress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/bingopress/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bingopress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.14')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-79cee635bc5290788740f1f5849a10a7.yaml b/nuclei-templates/2023/CVE-2023-33999-79cee635bc5290788740f1f5849a10a7.yaml
new file mode 100644
index 0000000000..564968d162
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-79cee635bc5290788740f1f5849a10a7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-79cee635bc5290788740f1f5849a10a7
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/sonawp-simple-payment-block/"
+ google-query: inurl:"/wp-content/plugins/sonawp-simple-payment-block/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,sonawp-simple-payment-block,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sonawp-simple-payment-block/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sonawp-simple-payment-block"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-7b2335ded4b26edabefffcfb0800acab.yaml b/nuclei-templates/2023/CVE-2023-33999-7b2335ded4b26edabefffcfb0800acab.yaml
new file mode 100644
index 0000000000..16126d1465
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-7b2335ded4b26edabefffcfb0800acab.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-7b2335ded4b26edabefffcfb0800acab
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/mobile-menu/"
+ google-query: inurl:"/wp-content/plugins/mobile-menu/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,mobile-menu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mobile-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mobile-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.4', '<= 2.8.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-7c665441573b3ae8679503e01b934074.yaml b/nuclei-templates/2023/CVE-2023-33999-7c665441573b3ae8679503e01b934074.yaml
new file mode 100644
index 0000000000..f8ef8797c1
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-7c665441573b3ae8679503e01b934074.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-7c665441573b3ae8679503e01b934074
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woocommerce-google-adwords-conversion-tracking-tag,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-google-adwords-conversion-tracking-tag"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.6.17', '<= 1.32.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-7d90871dd8fa5b86cb9f81737ae3a554.yaml b/nuclei-templates/2023/CVE-2023-33999-7d90871dd8fa5b86cb9f81737ae3a554.yaml
new file mode 100644
index 0000000000..8cc25894e6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-7d90871dd8fa5b86cb9f81737ae3a554.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-7d90871dd8fa5b86cb9f81737ae3a554
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/joli-faq-seo/"
+ google-query: inurl:"/wp-content/plugins/joli-faq-seo/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,joli-faq-seo,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/joli-faq-seo/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "joli-faq-seo"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.3.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-7fb6ee750c9ac7f19c262bef775b39e2.yaml b/nuclei-templates/2023/CVE-2023-33999-7fb6ee750c9ac7f19c262bef775b39e2.yaml
new file mode 100644
index 0000000000..8f7ee0c6f2
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-7fb6ee750c9ac7f19c262bef775b39e2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-7fb6ee750c9ac7f19c262bef775b39e2
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/open-user-map/"
+ google-query: inurl:"/wp-content/plugins/open-user-map/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,open-user-map,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/open-user-map/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "open-user-map"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.14')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-8024714c8e2f53e020d8b7252ba0032a.yaml b/nuclei-templates/2023/CVE-2023-33999-8024714c8e2f53e020d8b7252ba0032a.yaml
new file mode 100644
index 0000000000..01e9d3af89
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-8024714c8e2f53e020d8b7252ba0032a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-8024714c8e2f53e020d8b7252ba0032a
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/graphcomment-comment-system/"
+ google-query: inurl:"/wp-content/plugins/graphcomment-comment-system/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,graphcomment-comment-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/graphcomment-comment-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "graphcomment-comment-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-820e8eca1c993f2df58cc8ac0f91780c.yaml b/nuclei-templates/2023/CVE-2023-33999-820e8eca1c993f2df58cc8ac0f91780c.yaml
new file mode 100644
index 0000000000..61796733c8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-820e8eca1c993f2df58cc8ac0f91780c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-820e8eca1c993f2df58cc8ac0f91780c
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-twilio-core/"
+ google-query: inurl:"/wp-content/plugins/wp-twilio-core/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-twilio-core,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-twilio-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-twilio-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.2.1', '<= 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-82755e15ff89a03c31a490d41bab445a.yaml b/nuclei-templates/2023/CVE-2023-33999-82755e15ff89a03c31a490d41bab445a.yaml
new file mode 100644
index 0000000000..b480726c57
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-82755e15ff89a03c31a490d41bab445a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-82755e15ff89a03c31a490d41bab445a
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/overlay-image-divi-module/"
+ google-query: inurl:"/wp-content/plugins/overlay-image-divi-module/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,overlay-image-divi-module,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/overlay-image-divi-module/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "overlay-image-divi-module"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.2', '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-83390d577b4d7224df9719b348fdb98b.yaml b/nuclei-templates/2023/CVE-2023-33999-83390d577b4d7224df9719b348fdb98b.yaml
new file mode 100644
index 0000000000..77e21615b4
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-83390d577b4d7224df9719b348fdb98b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-83390d577b4d7224df9719b348fdb98b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/security-ninja/"
+ google-query: inurl:"/wp-content/plugins/security-ninja/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,security-ninja,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/security-ninja/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "security-ninja"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 5.50', '<= 5.158')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-837ab4237c4bbf1866931f1cfa2038ae.yaml b/nuclei-templates/2023/CVE-2023-33999-837ab4237c4bbf1866931f1cfa2038ae.yaml
new file mode 100644
index 0000000000..00e36e87c6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-837ab4237c4bbf1866931f1cfa2038ae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-837ab4237c4bbf1866931f1cfa2038ae
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/sv-posts/"
+ google-query: inurl:"/wp-content/plugins/sv-posts/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,sv-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sv-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sv-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.00')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-8461e4577ca8d6369b69ad86cc1e7031.yaml b/nuclei-templates/2023/CVE-2023-33999-8461e4577ca8d6369b69ad86cc1e7031.yaml
new file mode 100644
index 0000000000..593008f53b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-8461e4577ca8d6369b69ad86cc1e7031.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-8461e4577ca8d6369b69ad86cc1e7031 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-scrive/" + google-query: inurl:"/wp-content/plugins/wp-scrive/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-scrive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-scrive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-scrive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-84d762b3ed4b996150b48f75e30ddb8d.yaml b/nuclei-templates/2023/CVE-2023-33999-84d762b3ed4b996150b48f75e30ddb8d.yaml new file mode 100644 index 0000000000..45a105d273 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-84d762b3ed4b996150b48f75e30ddb8d.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-84d762b3ed4b996150b48f75e30ddb8d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/404-to-301/" + google-query: inurl:"/wp-content/plugins/404-to-301/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,404-to-301,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-to-301/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-to-301" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file 
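Review bot: `redirects: true` with `max-redirects: 3` follows redirects to any host, so a `readme.txt` served by a different host after a redirect can satisfy the status, word and version matchers and be reported against the scanned target. Limiting the request to same-host redirects, `host-redirects: true` in place of `redirects: true`, keeps the evidence tied to the host that was scanned. The same request block is repeated in every template added in this diff, so the change applies to all of them.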
diff --git a/nuclei-templates/2023/CVE-2023-33999-850eb82f59aed0ed63945e86b7f3550d.yaml b/nuclei-templates/2023/CVE-2023-33999-850eb82f59aed0ed63945e86b7f3550d.yaml new file mode 100644 index 0000000000..0685063aa3 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-850eb82f59aed0ed63945e86b7f3550d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-850eb82f59aed0ed63945e86b7f3550d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/current-template-name/" + google-query: inurl:"/wp-content/plugins/current-template-name/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,current-template-name,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/current-template-name/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "current-template-name" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-8511f94aeaa6e3590e39296d890014c9.yaml b/nuclei-templates/2023/CVE-2023-33999-8511f94aeaa6e3590e39296d890014c9.yaml new file mode 100644 index 0000000000..c273eaeb7d 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-8511f94aeaa6e3590e39296d890014c9.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-8511f94aeaa6e3590e39296d890014c9 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-product-finder/" + google-query: inurl:"/wp-content/plugins/woo-product-finder/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-product-finder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.4.0', '<= 1.4.1') \ No newline at end of file 
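Review bot: The dsl matcher compares the plugin's own `Stable tag` from `readme.txt` with `'>= 1.4.0', '<= 1.4.1'`, while `info.name` and the description name only Freemius SDK <= 2.5.9, so a hit reads like a confirmed SDK finding when it is an inference from the plugin version. I would document that above `http:` with `# Version-only check: compares the plugin readme.txt "Stable tag" with the affected plugin range; the bundled Freemius SDK version is not verified.` and put the plugin slug in `info.name` so results from the sibling CVE-2023-33999 templates can be told apart. The extractor `([0-9.]+)` also captures nothing for a readme that declares `Stable tag: trunk`, which presumably makes the template skip such installs silently; that limit belongs in the same comment. The other plugin templates in this diff share the pattern.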
diff --git a/nuclei-templates/2023/CVE-2023-33999-859cfdcecb0e0616b299bd7754d73f24.yaml b/nuclei-templates/2023/CVE-2023-33999-859cfdcecb0e0616b299bd7754d73f24.yaml new file mode 100644 index 0000000000..7cd94b1b3d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-859cfdcecb0e0616b299bd7754d73f24.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-859cfdcecb0e0616b299bd7754d73f24 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/ultimate-post-kit/" + google-query: inurl:"/wp-content/plugins/ultimate-post-kit/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,ultimate-post-kit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-85e7e7b0b46c837064f94d369193fbb7.yaml b/nuclei-templates/2023/CVE-2023-33999-85e7e7b0b46c837064f94d369193fbb7.yaml new file mode 100644 index 0000000000..3e07d2da60 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-85e7e7b0b46c837064f94d369193fbb7.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-85e7e7b0b46c837064f94d369193fbb7 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-coupons-and-deals/" + google-query: inurl:"/wp-content/plugins/wp-coupons-and-deals/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-coupons-and-deals,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coupons-and-deals/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coupons-and-deals" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.3', '<= 3.1.18') \ No newline at end of file 
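Review bot: `name: >` and `description: >` use folded scalars with the default chomping, so both values end in a newline that then shows up in scan output and in anything that keys on the template name. Writing them as `name: >-` and `description: >-` strips it without changing the text. The file also ends without a final newline (`\ No newline at end of file`), which yamllint reports under `new-line-at-end-of-file`. Both points apply to every template added in this diff.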
diff --git a/nuclei-templates/2023/CVE-2023-33999-87b25731d0875aaee9fb8e664de3d594.yaml b/nuclei-templates/2023/CVE-2023-33999-87b25731d0875aaee9fb8e664de3d594.yaml new file mode 100644 index 0000000000..33984cfd55 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-87b25731d0875aaee9fb8e664de3d594.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-87b25731d0875aaee9fb8e664de3d594 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/everse/" + google-query: inurl:"/wp-content/themes/everse/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,everse,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/everse/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1', '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-87eacd80338e39de90ebfea57fe8cb5f.yaml b/nuclei-templates/2023/CVE-2023-33999-87eacd80338e39de90ebfea57fe8cb5f.yaml new file mode 100644 index 0000000000..e856cbadc4 --- /dev/null 
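Review bot: The word matcher `"everse"` is a substring of `reverse`, so any stylesheet containing `row-reverse` or `column-reverse` satisfies it, and it adds little to the `and` condition when a site answers this path with some other CSS (a soft 200 or a followed redirect). A word-boundary regex matcher is stricter: `- type: regex` with `regex:` `- '\beverse\b'` and `part: body`. A string taken from the theme's own header block would be better still, but that needs checking against the real `style.css`. The plugin template matching on `"notification"` later in this diff has the same weakness with a generic word.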
+++ b/nuclei-templates/2023/CVE-2023-33999-87eacd80338e39de90ebfea57fe8cb5f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-87eacd80338e39de90ebfea57fe8cb5f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-or-embed-articulate-content-into-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3000000020') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-88f2fe00e3c720a2d8d22d19c9beaf83.yaml b/nuclei-templates/2023/CVE-2023-33999-88f2fe00e3c720a2d8d22d19c9beaf83.yaml new file mode 100644 index 0000000000..1c7de77732 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-88f2fe00e3c720a2d8d22d19c9beaf83.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-88f2fe00e3c720a2d8d22d19c9beaf83 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/blockspare/" + google-query: inurl:"/wp-content/plugins/blockspare/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,blockspare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blockspare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blockspare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-8a85069a85d3405a4a368ceb5fbaaaef.yaml b/nuclei-templates/2023/CVE-2023-33999-8a85069a85d3405a4a368ceb5fbaaaef.yaml new file mode 100644 index 0000000000..d48351a20f --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-8a85069a85d3405a4a368ceb5fbaaaef.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-8a85069a85d3405a4a368ceb5fbaaaef + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/aquarella-lite/" + google-query: inurl:"/wp-content/themes/aquarella-lite/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,aquarella-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/aquarella-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aquarella-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-8ab59629fc45ddc2df452e1af704a928.yaml b/nuclei-templates/2023/CVE-2023-33999-8ab59629fc45ddc2df452e1af704a928.yaml new file mode 100644 index 0000000000..d202424325 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-8ab59629fc45ddc2df452e1af704a928.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-8ab59629fc45ddc2df452e1af704a928 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/mass-pagesposts-creator/" + google-query: inurl:"/wp-content/plugins/mass-pagesposts-creator/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,mass-pagesposts-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mass-pagesposts-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mass-pagesposts-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-8b48d2b73cad852253a0a15e5b2003ce.yaml b/nuclei-templates/2023/CVE-2023-33999-8b48d2b73cad852253a0a15e5b2003ce.yaml new file mode 100644 index 0000000000..ee3ca0ebcf --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-8b48d2b73cad852253a0a15e5b2003ce.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-8b48d2b73cad852253a0a15e5b2003ce + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/notification/" + google-query: inurl:"/wp-content/plugins/notification/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,notification,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-8b7b5022d8ec2ebea758d9496f4dc7d6.yaml b/nuclei-templates/2023/CVE-2023-33999-8b7b5022d8ec2ebea758d9496f4dc7d6.yaml new file mode 100644 index 0000000000..99ec5629e3 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-8b7b5022d8ec2ebea758d9496f4dc7d6.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-8b7b5022d8ec2ebea758d9496f4dc7d6 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-extra-flat-rate/" + google-query: inurl:"/wp-content/plugins/woo-extra-flat-rate/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-extra-flat-rate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-extra-flat-rate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-extra-flat-rate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.6.1', '<= 4.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-8c91271b515102ee3802cba9717c7026.yaml b/nuclei-templates/2023/CVE-2023-33999-8c91271b515102ee3802cba9717c7026.yaml new file mode 100644 index 0000000000..f0adba114a --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-8c91271b515102ee3802cba9717c7026.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-8c91271b515102ee3802cba9717c7026 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/starfish-reviews/" + google-query: inurl:"/wp-content/plugins/starfish-reviews/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,starfish-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/starfish-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "starfish-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.0', '<= 3.0.36') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-8ccd2e0dee7253a7099bf4cf4138e6a0.yaml b/nuclei-templates/2023/CVE-2023-33999-8ccd2e0dee7253a7099bf4cf4138e6a0.yaml new file mode 100644 index 0000000000..bf65a09693 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-8ccd2e0dee7253a7099bf4cf4138e6a0.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-8ccd2e0dee7253a7099bf4cf4138e6a0 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wc-sms/" + google-query: inurl:"/wp-content/plugins/wc-sms/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wc-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-8d1de78ea49a238ba3e6691c433cbb90.yaml b/nuclei-templates/2023/CVE-2023-33999-8d1de78ea49a238ba3e6691c433cbb90.yaml new file mode 100644 index 0000000000..5486f9976b 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-8d1de78ea49a238ba3e6691c433cbb90.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-8d1de78ea49a238ba3e6691c433cbb90 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/locations-and-areas/" + google-query: inurl:"/wp-content/plugins/locations-and-areas/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,locations-and-areas,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locations-and-areas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locations-and-areas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-90afc5ece1757d1f85dba347bf455f04.yaml b/nuclei-templates/2023/CVE-2023-33999-90afc5ece1757d1f85dba347bf455f04.yaml new file mode 100644 index 0000000000..a7db427f2e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-90afc5ece1757d1f85dba347bf455f04.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-90afc5ece1757d1f85dba347bf455f04 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/faq-manager-with-structured-data/" + google-query: inurl:"/wp-content/plugins/faq-manager-with-structured-data/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,faq-manager-with-structured-data,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/faq-manager-with-structured-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "faq-manager-with-structured-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0.0', '<= 5.4.3') \ No newline at end of file 
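Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` captures nothing when the readme says `Stable tag: trunk` or separates the value with a tab or extra spaces. The `dsl` matcher then has no `version` to compare and presumably evaluates false, so an installed plugin goes unreported without any signal. Anchoring the pattern and relaxing the whitespace, `- '(?mi)^Stable tag:\s*([0-9.]+)'`, keeps the capture on the header line and tolerates the spacing variants; it needs single quotes because `\s` is not a valid escape in a double-quoted YAML scalar. A non-numeric tag is still a blind spot to mention in the description. The same extractor appears in every template added in this chunk, including the `Version:` variant read from `style.css` for the `yuki` theme.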
diff --git a/nuclei-templates/2023/CVE-2023-33999-90ed3f0f56acd6ba8932a6debdf1276a.yaml b/nuclei-templates/2023/CVE-2023-33999-90ed3f0f56acd6ba8932a6debdf1276a.yaml new file mode 100644 index 0000000000..4f455d1914 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-90ed3f0f56acd6ba8932a6debdf1276a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-90ed3f0f56acd6ba8932a6debdf1276a + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/website-testimonials/" + google-query: inurl:"/wp-content/plugins/website-testimonials/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,website-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/website-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "website-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '6.1.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-927d40a30e5847687e1e941299c8a9bd.yaml b/nuclei-templates/2023/CVE-2023-33999-927d40a30e5847687e1e941299c8a9bd.yaml new file mode 100644 index 0000000000..7682bac5a6 
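Review bot: The final matcher `compare_versions(version, '6.1.0')` passes a bare version, where every other template in this chunk passes a bound with an operator. As far as I can tell a constraint without an operator is evaluated as an exact match, so only a readme reporting exactly 6.1.0 would be flagged. If that is intended, `compare_versions(version, '= 6.1.0')` makes it explicit. If the generator dropped a bound, the range should be regenerated from the referenced Wordfence record rather than guessed.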
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-927d40a30e5847687e1e941299c8a9bd.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-927d40a30e5847687e1e941299c8a9bd + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,addons-for-visual-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.2.1', '<= 3.2') \ No newline at end of file 
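Review bot: The word matcher `- "addons-for-visual-composer"` on `part: body` requires the plugin slug to appear inside `readme.txt`. With `matchers-condition: and`, a readme that carries only the plugin's display name fails the whole template even when the extracted version is in range. The request path already pins the plugin, so the matcher's useful job is rejecting soft-404 pages that answer 200. A readme marker such as `- "Stable tag:"` does that without depending on the slug. The other plugin templates in this chunk use the same slug matcher.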
diff --git a/nuclei-templates/2023/CVE-2023-33999-92a983e9b908e1bd758d274fa681a41f.yaml b/nuclei-templates/2023/CVE-2023-33999-92a983e9b908e1bd758d274fa681a41f.yaml new file mode 100644 index 0000000000..cd48bd3e43 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-92a983e9b908e1bd758d274fa681a41f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-92a983e9b908e1bd758d274fa681a41f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/yuki/" + google-query: inurl:"/wp-content/themes/yuki/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,yuki,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/yuki/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yuki" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-92edaa8aad578cf73b420b0cb66ab5c9.yaml b/nuclei-templates/2023/CVE-2023-33999-92edaa8aad578cf73b420b0cb66ab5c9.yaml new file mode 100644 index 0000000000..9f78d64443 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-92edaa8aad578cf73b420b0cb66ab5c9.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-92edaa8aad578cf73b420b0cb66ab5c9 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/delicious-recipes/" + google-query: inurl:"/wp-content/plugins/delicious-recipes/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,delicious-recipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delicious-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delicious-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file 
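Review bot: Nothing in this template observes the Freemius SDK itself: the finding is inferred from the plugin's `Stable tag` satisfying `<= 1.5.2`, while `name` and `description` speak only of the SDK `<= 2.5.9`. A site serving a stale `readme.txt`, or an in-range plugin build whose bundled SDK was patched, gets the same medium finding, so whoever triages it needs to know the result is version-inferred. I would document that above the `dsl` matcher with `# version-inferred: compares the plugin readme's Stable tag; the bundled Freemius SDK version is not checked`. The same applies to the other CVE-2023-33999 templates in this chunk.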
diff --git a/nuclei-templates/2023/CVE-2023-33999-936dbebf96d5f1b1619ac833a64f99f3.yaml b/nuclei-templates/2023/CVE-2023-33999-936dbebf96d5f1b1619ac833a64f99f3.yaml new file mode 100644 index 0000000000..2b2c2b76f0 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-936dbebf96d5f1b1619ac833a64f99f3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-936dbebf96d5f1b1619ac833a64f99f3 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-sheet-editor-edd-downloads/" + google-query: inurl:"/wp-content/plugins/wp-sheet-editor-edd-downloads/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-sheet-editor-edd-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sheet-editor-edd-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sheet-editor-edd-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.1', '<= 1.0.60') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-9564040697cc7f8ac10baf312d76ff1f.yaml b/nuclei-templates/2023/CVE-2023-33999-9564040697cc7f8ac10baf312d76ff1f.yaml new file mode 100644 index 0000000000..65247784db --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-9564040697cc7f8ac10baf312d76ff1f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-9564040697cc7f8ac10baf312d76ff1f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,the-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.9.0', '<= 5.16.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-9720454228d026fec5f1b8d6a445c1c8.yaml b/nuclei-templates/2023/CVE-2023-33999-9720454228d026fec5f1b8d6a445c1c8.yaml new file mode 100644 index 0000000000..ad76c9782f 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-9720454228d026fec5f1b8d6a445c1c8.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-9720454228d026fec5f1b8d6a445c1c8 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-ninja-forms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-ninja-forms/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,gsheetconnector-ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-97919958794a67f7f874e5b39d3eb1e5.yaml b/nuclei-templates/2023/CVE-2023-33999-97919958794a67f7f874e5b39d3eb1e5.yaml new file mode 100644 index 0000000000..7208f216c0 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-97919958794a67f7f874e5b39d3eb1e5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-97919958794a67f7f874e5b39d3eb1e5 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/food-recipes/" + google-query: inurl:"/wp-content/plugins/food-recipes/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,food-recipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/food-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "food-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-98b5fe6c715aa5d337ac9e1bc5b0e1dc.yaml b/nuclei-templates/2023/CVE-2023-33999-98b5fe6c715aa5d337ac9e1bc5b0e1dc.yaml new file mode 100644 index 0000000000..d213ac987d --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-98b5fe6c715aa5d337ac9e1bc5b0e1dc.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-98b5fe6c715aa5d337ac9e1bc5b0e1dc + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ti-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-98f447f6897b1d88ad982b75d0f282bb.yaml b/nuclei-templates/2023/CVE-2023-33999-98f447f6897b1d88ad982b75d0f282bb.yaml new file mode 100644 index 0000000000..2c22423928 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-98f447f6897b1d88ad982b75d0f282bb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-98f447f6897b1d88ad982b75d0f282bb + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/content-aware-sidebars/" + google-query: inurl:"/wp-content/plugins/content-aware-sidebars/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,content-aware-sidebars,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-aware-sidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-aware-sidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-993645a3830fd238937e6fb90b1ae8ee.yaml b/nuclei-templates/2023/CVE-2023-33999-993645a3830fd238937e6fb90b1ae8ee.yaml new file mode 100644 index 0000000000..7045f6b840 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-993645a3830fd238937e6fb90b1ae8ee.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-993645a3830fd238937e6fb90b1ae8ee + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/conditional-logic-for-woo-product-add-ons/" + google-query: inurl:"/wp-content/plugins/conditional-logic-for-woo-product-add-ons/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,conditional-logic-for-woo-product-add-ons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-logic-for-woo-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-logic-for-woo-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-999faa9c00614c482c8ad76dd481d464.yaml b/nuclei-templates/2023/CVE-2023-33999-999faa9c00614c482c8ad76dd481d464.yaml new file mode 100644 index 0000000000..5564805b98 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-999faa9c00614c482c8ad76dd481d464.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-999faa9c00614c482c8ad76dd481d464 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/login-designer/" + google-query: inurl:"/wp-content/plugins/login-designer/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,login-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.6', '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-9c077267946835a85a6cb18284c93802.yaml b/nuclei-templates/2023/CVE-2023-33999-9c077267946835a85a6cb18284c93802.yaml new file mode 100644 index 0000000000..65db4f94e8 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-9c077267946835a85a6cb18284c93802.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-9c077267946835a85a6cb18284c93802 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/auto-featured-image-auto-generated/" + google-query: inurl:"/wp-content/plugins/auto-featured-image-auto-generated/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,auto-featured-image-auto-generated,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-featured-image-auto-generated/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-featured-image-auto-generated" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.3.7', '<= 1.5.4') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-9c39771773eefcf6643c1fb4799ba8a9.yaml b/nuclei-templates/2023/CVE-2023-33999-9c39771773eefcf6643c1fb4799ba8a9.yaml new file mode 100644 index 0000000000..8ea7dc3e0b --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-9c39771773eefcf6643c1fb4799ba8a9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-9c39771773eefcf6643c1fb4799ba8a9 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/seo-site-auditor-agency/" + google-query: inurl:"/wp-content/plugins/seo-site-auditor-agency/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,seo-site-auditor-agency,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-site-auditor-agency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-site-auditor-agency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.2.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-9cc9706da26a960ebcb8af145f83c4e4.yaml b/nuclei-templates/2023/CVE-2023-33999-9cc9706da26a960ebcb8af145f83c4e4.yaml new file mode 100644 index 0000000000..9f74cc8715 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-9cc9706da26a960ebcb8af145f83c4e4.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9cc9706da26a960ebcb8af145f83c4e4
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/files-download-delay/"
+ google-query: inurl:"/wp-content/plugins/files-download-delay/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,files-download-delay,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/files-download-delay/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "files-download-delay"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-9ce4b36d9d4c5bb6521b1cc13580d5e5.yaml b/nuclei-templates/2023/CVE-2023-33999-9ce4b36d9d4c5bb6521b1cc13580d5e5.yaml
new file mode 100644
index 0000000000..ff6f4775b4
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9ce4b36d9d4c5bb6521b1cc13580d5e5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9ce4b36d9d4c5bb6521b1cc13580d5e5
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/block-styler-for-gravity-forms/"
+ google-query: inurl:"/wp-content/plugins/block-styler-for-gravity-forms/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,block-styler-for-gravity-forms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/block-styler-for-gravity-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "block-styler-for-gravity-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 5.0.0', '<= 6.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-9d91bc9bafc26db87b5a962659667086.yaml b/nuclei-templates/2023/CVE-2023-33999-9d91bc9bafc26db87b5a962659667086.yaml
new file mode 100644
index 0000000000..f92c9a0043
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9d91bc9bafc26db87b5a962659667086.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9d91bc9bafc26db87b5a962659667086
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/premmerce-user-roles/"
+ google-query: inurl:"/wp-content/plugins/premmerce-user-roles/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,premmerce-user-roles,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premmerce-user-roles/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premmerce-user-roles"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0', '<= 1.0.11')
\ No newline at end of file
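Review bot: `redirects: true` follows redirects to any host, so the readme.txt that satisfies the matchers may have been served by a different host than `{{BaseURL}}`, and the finding would still be reported against the scanned target. Using `host-redirects: true` in place of `redirects: true` (keeping `max-redirects: 3`) restricts following to the same host. The same request block appears in the other templates added in this part of the diff.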
diff --git a/nuclei-templates/2023/CVE-2023-33999-9d93c870985ef14e2f24238e1e2b10f0.yaml b/nuclei-templates/2023/CVE-2023-33999-9d93c870985ef14e2f24238e1e2b10f0.yaml
new file mode 100644
index 0000000000..537010c0f9
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9d93c870985ef14e2f24238e1e2b10f0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9d93c870985ef14e2f24238e1e2b10f0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/"
+ google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/spotlight-social-photo-feeds/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "spotlight-social-photo-feeds"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 0.2', '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-9ef1fdc36c187dc1c4e97693cbca7a8c.yaml b/nuclei-templates/2023/CVE-2023-33999-9ef1fdc36c187dc1c4e97693cbca7a8c.yaml
new file mode 100644
index 0000000000..7f0c29442e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9ef1fdc36c187dc1c4e97693cbca7a8c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9ef1fdc36c187dc1c4e97693cbca7a8c
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/meridia/"
+ google-query: inurl:"/wp-content/themes/meridia/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,meridia,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/meridia/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meridia"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 2.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-9f5f02775c82b27ff46984e2929a2f2b.yaml b/nuclei-templates/2023/CVE-2023-33999-9f5f02775c82b27ff46984e2929a2f2b.yaml
new file mode 100644
index 0000000000..4e642db5dd
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9f5f02775c82b27ff46984e2929a2f2b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9f5f02775c82b27ff46984e2929a2f2b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/block-options/"
+ google-query: inurl:"/wp-content/plugins/block-options/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,block-options,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/block-options/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "block-options"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.16')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-9fd7b7d652120f0e67b6216490f929a6.yaml b/nuclei-templates/2023/CVE-2023-33999-9fd7b7d652120f0e67b6216490f929a6.yaml
new file mode 100644
index 0000000000..426f3cbe7e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-9fd7b7d652120f0e67b6216490f929a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-9fd7b7d652120f0e67b6216490f929a6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-7-skins/"
+ google-query: inurl:"/wp-content/plugins/contact-form-7-skins/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,contact-form-7-skins,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-7-skins/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-7-skins"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a07b668a3dc138fa2662905f017cc49b.yaml b/nuclei-templates/2023/CVE-2023-33999-a07b668a3dc138fa2662905f017cc49b.yaml
new file mode 100644
index 0000000000..ed78727df5
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a07b668a3dc138fa2662905f017cc49b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a07b668a3dc138fa2662905f017cc49b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/radio-player/"
+ google-query: inurl:"/wp-content/plugins/radio-player/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,radio-player,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/radio-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "radio-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.2', '<= 2.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a2b0f3e307a31ea693c76bdbbbd5d481.yaml b/nuclei-templates/2023/CVE-2023-33999-a2b0f3e307a31ea693c76bdbbbd5d481.yaml
new file mode 100644
index 0000000000..7815bdcdf4
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a2b0f3e307a31ea693c76bdbbbd5d481.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a2b0f3e307a31ea693c76bdbbbd5d481
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/acf-blocks/"
+ google-query: inurl:"/wp-content/plugins/acf-blocks/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,acf-blocks,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/acf-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "acf-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 2.6.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a32a11dd4f6199f3c483e62bb26b373b.yaml b/nuclei-templates/2023/CVE-2023-33999-a32a11dd4f6199f3c483e62bb26b373b.yaml
new file mode 100644
index 0000000000..146b4f1b51
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a32a11dd4f6199f3c483e62bb26b373b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a32a11dd4f6199f3c483e62bb26b373b
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/search-field-for-gravity-forms/"
+ google-query: inurl:"/wp-content/plugins/search-field-for-gravity-forms/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,search-field-for-gravity-forms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/search-field-for-gravity-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "search-field-for-gravity-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a3620325abec2705d63ec734ba1a2e2d.yaml b/nuclei-templates/2023/CVE-2023-33999-a3620325abec2705d63ec734ba1a2e2d.yaml
new file mode 100644
index 0000000000..f0a9748990
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a3620325abec2705d63ec734ba1a2e2d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a3620325abec2705d63ec734ba1a2e2d
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wc-product-author/"
+ google-query: inurl:"/wp-content/plugins/wc-product-author/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wc-product-author,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-product-author/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-product-author"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a4876cede1aa20620afd80323d8366b0.yaml b/nuclei-templates/2023/CVE-2023-33999-a4876cede1aa20620afd80323d8366b0.yaml
new file mode 100644
index 0000000000..2f57ca9eae
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a4876cede1aa20620afd80323d8366b0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a4876cede1aa20620afd80323d8366b0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/powerpack-addon-for-beaver-builder/"
+ google-query: inurl:"/wp-content/plugins/powerpack-addon-for-beaver-builder/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,powerpack-addon-for-beaver-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/powerpack-addon-for-beaver-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "powerpack-addon-for-beaver-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a56bd2ad97c9824c62dea27d7d73ab70.yaml b/nuclei-templates/2023/CVE-2023-33999-a56bd2ad97c9824c62dea27d7d73ab70.yaml
new file mode 100644
index 0000000000..6fe9ed98fb
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a56bd2ad97c9824c62dea27d7d73ab70.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a56bd2ad97c9824c62dea27d7d73ab70
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/easy-facebook-likebox/"
+ google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-facebook-likebox"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 4.3.1', '<= 6.4.9')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a662c58af0c44f98d5fe2676dc20de8e.yaml b/nuclei-templates/2023/CVE-2023-33999-a662c58af0c44f98d5fe2676dc20de8e.yaml
new file mode 100644
index 0000000000..4dc41fc4f2
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a662c58af0c44f98d5fe2676dc20de8e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a662c58af0c44f98d5fe2676dc20de8e
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/salon-booking-system/"
+ google-query: inurl:"/wp-content/plugins/salon-booking-system/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,salon-booking-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "salon-booking-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a7bd6d8903613d318eaeeb2f2bb28d4f.yaml b/nuclei-templates/2023/CVE-2023-33999-a7bd6d8903613d318eaeeb2f2bb28d4f.yaml
new file mode 100644
index 0000000000..e6bf7e8326
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a7bd6d8903613d318eaeeb2f2bb28d4f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-a7bd6d8903613d318eaeeb2f2bb28d4f
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/foobar-notifications-lite/"
+ google-query: inurl:"/wp-content/plugins/foobar-notifications-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,foobar-notifications-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/foobar-notifications-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "foobar-notifications-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0.3', '<= 2.1.27')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-a7ec3397beff238e27a0f42b920c534b.yaml b/nuclei-templates/2023/CVE-2023-33999-a7ec3397beff238e27a0f42b920c534b.yaml
new file mode 100644
index 0000000000..e0498ac84b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-a7ec3397beff238e27a0f42b920c534b.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-a7ec3397beff238e27a0f42b920c534b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/spice-blocks/" + google-query: inurl:"/wp-content/plugins/spice-blocks/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,spice-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spice-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spice-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.3', '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-a7fa4e64b68041aab658579e88cceb0c.yaml b/nuclei-templates/2023/CVE-2023-33999-a7fa4e64b68041aab658579e88cceb0c.yaml new file mode 100644 index 0000000000..af7d6a5f18 --- /dev/null 
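Review bot: The `dsl` matcher at the end of the spice-blocks template decides on the readme's `Stable tag` alone, so a hit only means the plugin release falls within `'>= 0.3', '<= 1.2.1'`. It does not show that a Freemius SDK <= 2.5.9 is present or that `fs_request_get` reflects input. A readme can lag behind the installed code, or be removed or blocked, so results can be wrong in both directions, and neither `name` nor `description` tells the operator that the finding is inferred. I would add a comment above the matcher, `# Version inferred from readme.txt "Stable tag"; confirm the bundled Freemius SDK version before reporting`. The same applies to the other CVE-2023-33999 templates added in this diff.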
+++ b/nuclei-templates/2023/CVE-2023-33999-a7fa4e64b68041aab658579e88cceb0c.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-a7fa4e64b68041aab658579e88cceb0c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/multilevel-referral-plugin-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,multilevel-referral-plugin-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multilevel-referral-plugin-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.22') \ No newline at end of file 
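Review bot: The constraint in `compare_versions(version, '2.22')` at the end of the multilevel-referral-plugin-for-woocommerce template has no operator, unlike the sibling templates that spell out `>=`/`<=` bounds. If nuclei reads a bare version as an exact match (I believe it does, but this should be confirmed), only a readme reporting exactly 2.22 is flagged and every other affected release is missed. If a single release really is the whole affected range, state that explicitly with `compare_versions(version, '= 2.22')`; otherwise give the lower and upper bounds from the advisory.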
diff --git a/nuclei-templates/2023/CVE-2023-33999-aa5244583fafc92468ae05d0122815fb.yaml b/nuclei-templates/2023/CVE-2023-33999-aa5244583fafc92468ae05d0122815fb.yaml new file mode 100644 index 0000000000..5709ec9e3a --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-aa5244583fafc92468ae05d0122815fb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-aa5244583fafc92468ae05d0122815fb + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/preloader-plus/" + google-query: inurl:"/wp-content/plugins/preloader-plus/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,preloader-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/preloader-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "preloader-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-aa76dbdf3f1c67af3d7e7a327f99094b.yaml b/nuclei-templates/2023/CVE-2023-33999-aa76dbdf3f1c67af3d7e7a327f99094b.yaml new file mode 100644 index 0000000000..b1a408a57c --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-aa76dbdf3f1c67af3d7e7a327f99094b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-aa76dbdf3f1c67af3d7e7a327f99094b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/blockmeister/" + google-query: inurl:"/wp-content/plugins/blockmeister/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,blockmeister,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blockmeister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blockmeister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.9') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-ab283f797535a88d42e0e64cf4621436.yaml b/nuclei-templates/2023/CVE-2023-33999-ab283f797535a88d42e0e64cf4621436.yaml new file mode 100644 index 0000000000..4f34bbe669 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-ab283f797535a88d42e0e64cf4621436.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-ab283f797535a88d42e0e64cf4621436 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,post-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.2-beta.1', '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-ab3fda15176c6ca5bd062e530a771199.yaml b/nuclei-templates/2023/CVE-2023-33999-ab3fda15176c6ca5bd062e530a771199.yaml new file mode 100644 index 0000000000..aea5202ead --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-ab3fda15176c6ca5bd062e530a771199.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-ab3fda15176c6ca5bd062e530a771199 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/external-media-upload/" + google-query: inurl:"/wp-content/plugins/external-media-upload/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,external-media-upload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-media-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-media-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-abb81e840f1c133c9c83568263fd4237.yaml b/nuclei-templates/2023/CVE-2023-33999-abb81e840f1c133c9c83568263fd4237.yaml new file mode 100644 index 0000000000..a6e621dbea --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-abb81e840f1c133c9c83568263fd4237.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-abb81e840f1c133c9c83568263fd4237 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/advanced-nocaptcha-recaptcha/" + google-query: inurl:"/wp-content/plugins/advanced-nocaptcha-recaptcha/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-nocaptcha-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-nocaptcha-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-af3b03feb36f85c778d3912da2382cc7.yaml b/nuclei-templates/2023/CVE-2023-33999-af3b03feb36f85c778d3912da2382cc7.yaml new file mode 100644 index 0000000000..1cccbd98d7 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-af3b03feb36f85c778d3912da2382cc7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-af3b03feb36f85c778d3912da2382cc7 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/delete-old-posts-programmatically/" + google-query: inurl:"/wp-content/plugins/delete-old-posts-programmatically/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,delete-old-posts-programmatically,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-old-posts-programmatically/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-old-posts-programmatically" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b04d62d9a7f31bce550e5a4cc6e78f0d.yaml b/nuclei-templates/2023/CVE-2023-33999-b04d62d9a7f31bce550e5a4cc6e78f0d.yaml new file mode 100644 index 0000000000..e880933f1d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b04d62d9a7f31bce550e5a4cc6e78f0d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b04d62d9a7f31bce550e5a4cc6e78f0d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/kk-star-ratings/" + google-query: inurl:"/wp-content/plugins/kk-star-ratings/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,kk-star-ratings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kk-star-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kk-star-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b0b79d88a74a3154ff4d7734697de0a0.yaml b/nuclei-templates/2023/CVE-2023-33999-b0b79d88a74a3154ff4d7734697de0a0.yaml new file mode 100644 index 0000000000..d26d22b753 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-b0b79d88a74a3154ff4d7734697de0a0.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b0b79d88a74a3154ff4d7734697de0a0 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-conditional-product-fees-for-checkout/" + google-query: inurl:"/wp-content/plugins/woo-conditional-product-fees-for-checkout/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-conditional-product-fees-for-checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-conditional-product-fees-for-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-conditional-product-fees-for-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.1', '<= 3.9.3.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b15796aba1ce3cbbcf8759603f78c90e.yaml b/nuclei-templates/2023/CVE-2023-33999-b15796aba1ce3cbbcf8759603f78c90e.yaml new file mode 100644 index 0000000000..9a91643b14 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b15796aba1ce3cbbcf8759603f78c90e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b15796aba1ce3cbbcf8759603f78c90e + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/menu-image/" + google-query: inurl:"/wp-content/plugins/menu-image/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,menu-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9.2', '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b164be16dd551f8d22644849a68ad1d4.yaml b/nuclei-templates/2023/CVE-2023-33999-b164be16dd551f8d22644849a68ad1d4.yaml new file mode 100644 index 0000000000..3961b4d754 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-b164be16dd551f8d22644849a68ad1d4.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b164be16dd551f8d22644849a68ad1d4 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/ona/" + google-query: inurl:"/wp-content/themes/ona/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,ona,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ona/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ona" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.1', '<= 1.18.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b2a96bedc519fa017c0c79265769c046.yaml b/nuclei-templates/2023/CVE-2023-33999-b2a96bedc519fa017c0c79265769c046.yaml new file mode 100644 index 0000000000..c78bf28847 
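Review bot: The word matcher `- "ona"` in the ona theme template is a three-letter substring, so almost any body text satisfies it ("personal", "donate") and it adds nothing to the `and` condition. On a host that answers 200 with generic content for unknown paths, the finding then rests on a stray `Version:` string alone. I would match something specific to the stylesheet instead, for example the theme's `Theme Name:` header line (exact value to be taken from the theme's style.css), keeping `part: body`.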
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b2a96bedc519fa017c0c79265769c046.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b2a96bedc519fa017c0c79265769c046 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/commerce-coinbase-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/commerce-coinbase-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,commerce-coinbase-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commerce-coinbase-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commerce-coinbase-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b39e9834ee909fd338942985ffe7af5a.yaml b/nuclei-templates/2023/CVE-2023-33999-b39e9834ee909fd338942985ffe7af5a.yaml new file mode 100644 index 0000000000..1ab71a52e2 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b39e9834ee909fd338942985ffe7af5a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b39e9834ee909fd338942985ffe7af5a + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-openagenda/" + google-query: inurl:"/wp-content/plugins/wp-openagenda/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-openagenda,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-openagenda/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-openagenda" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b46c659aea3233b7f1fa2395d1ffcdce.yaml b/nuclei-templates/2023/CVE-2023-33999-b46c659aea3233b7f1fa2395d1ffcdce.yaml index e63749437c..99e03984ae 100644 
--- a/nuclei-templates/2023/CVE-2023-33999-b46c659aea3233b7f1fa2395d1ffcdce.yaml +++ b/nuclei-templates/2023/CVE-2023-33999-b46c659aea3233b7f1fa2395d1ffcdce.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-33999 metadata: - fofa-query: "wp-content/plugins/reader-mode/" - google-query: inurl:"/wp-content/plugins/reader-mode/" + fofa-query: "wp-content/plugins/wp-automedic/" + google-query: inurl:"/wp-content/plugins/wp-automedic/" shodan-query: 'vuln:CVE-2023-33999' - tags: cve,wordpress,wp-plugin,reader-mode,medium + tags: cve,wordpress,wp-plugin,wp-automedic,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/reader-mode/readme.txt" + - "{{BaseURL}}/wp-content/plugins/wp-automedic/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "reader-mode" + - "wp-automedic" part: body - type: dsl dsl: - - compare_versions(version, '1.0.0') \ No newline at end of file + - compare_versions(version, '>= 1.4.0', '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b5e0d29e69440254fbdeac4d57d5d615.yaml b/nuclei-templates/2023/CVE-2023-33999-b5e0d29e69440254fbdeac4d57d5d615.yaml new file mode 100644 index 0000000000..a3cf46e420 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b5e0d29e69440254fbdeac4d57d5d615.yaml 
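Review bot: Both hunks retarget the existing file `CVE-2023-33999-b46c659aea3233b7f1fa2395d1ffcdce.yaml` from `reader-mode` to `wp-automedic` (queries, tags, path, word matcher and version range) while the file name stays the same. The `id:` line lies outside the hunks, but presumably stays too. Any baseline, suppression or past finding keyed on that template id would then refer to a different plugin, and reader-mode coverage disappears unless another template carries it. I would add wp-automedic as a new template with its own id and either keep or explicitly delete the reader-mode one; at minimum record the change with `# retargeted from reader-mode to wp-automedic` above `metadata:`.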
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b5e0d29e69440254fbdeac4d57d5d615 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wptools-masonry-gallery-posts-for-divi/" + google-query: inurl:"/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wptools-masonry-gallery-posts-for-divi,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptools-masonry-gallery-posts-for-divi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptools-masonry-gallery-posts-for-divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.5.0') \ No newline at end of file 
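Review bot: The two regex extractors are both named `version` and run the same `(?mi)Stable tag: ([0-9.]+)` pattern, differing only in `internal: true`, and nothing tells a reader which one feeds `compare_versions` and which one is meant for the scan output. If the duplication is intentional, say so with `# internal: supplies version to the dsl matcher` above the first and `# reported: shows the detected version in the result` above the second. Otherwise one of them can go. The other new templates in this diff repeat the same pair.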
diff --git a/nuclei-templates/2023/CVE-2023-33999-b5ee8500ee8876f2352b894d62873b48.yaml b/nuclei-templates/2023/CVE-2023-33999-b5ee8500ee8876f2352b894d62873b48.yaml new file mode 100644 index 0000000000..857eea2c6f --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b5ee8500ee8876f2352b894d62873b48.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b5ee8500ee8876f2352b894d62873b48 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/anycomment/" + google-query: inurl:"/wp-content/plugins/anycomment/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,anycomment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anycomment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anycomment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.98') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b69880a17610c743ed6f1438f40bd2e3.yaml b/nuclei-templates/2023/CVE-2023-33999-b69880a17610c743ed6f1438f40bd2e3.yaml new file mode 100644 index 0000000000..e6316a8004 --- /dev/null 
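Review bot: `redirects: true` with `max-redirects: 3` lets the readme.txt request follow redirects to any host, so a 200 response that contains "anycomment" and a `Stable tag` line but is served from somewhere else would be reported against the scanned target. Writing `host-redirects: true` in place of `redirects: true` keeps the check on the original host. The same request block appears in the other new templates in this diff.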
+++ b/nuclei-templates/2023/CVE-2023-33999-b69880a17610c743ed6f1438f40bd2e3.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b69880a17610c743ed6f1438f40bd2e3 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/studiocart/" + google-query: inurl:"/wp-content/plugins/studiocart/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,studiocart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/studiocart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "studiocart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.2', '<= 2.5.11') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b7184bf379a43a1532ea4c6fa90fa153.yaml b/nuclei-templates/2023/CVE-2023-33999-b7184bf379a43a1532ea4c6fa90fa153.yaml new file mode 100644 index 0000000000..44e9f8dceb --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b7184bf379a43a1532ea4c6fa90fa153.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b7184bf379a43a1532ea4c6fa90fa153 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/form-vibes/" + google-query: inurl:"/wp-content/plugins/form-vibes/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,form-vibes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-vibes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-vibes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b7a75865f6d9bbb8855b044bf57d9528.yaml b/nuclei-templates/2023/CVE-2023-33999-b7a75865f6d9bbb8855b044bf57d9528.yaml new file mode 100644 index 0000000000..8f225ad390 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-b7a75865f6d9bbb8855b044bf57d9528.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b7a75865f6d9bbb8855b044bf57d9528 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.16') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b7b2e437e3e1e61d5f18c69f7e257ede.yaml b/nuclei-templates/2023/CVE-2023-33999-b7b2e437e3e1e61d5f18c69f7e257ede.yaml new file mode 100644 index 0000000000..c5732a5fc2 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b7b2e437e3e1e61d5f18c69f7e257ede.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b7b2e437e3e1e61d5f18c69f7e257ede + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-munich-blocks/" + google-query: inurl:"/wp-content/plugins/wp-munich-blocks/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-munich-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-munich-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-munich-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-b7ba1765c9a0f49de1698b48d95a9287.yaml b/nuclei-templates/2023/CVE-2023-33999-b7ba1765c9a0f49de1698b48d95a9287.yaml new file mode 100644 index 0000000000..5c6e4bbd4d --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-b7ba1765c9a0f49de1698b48d95a9287.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-b7ba1765c9a0f49de1698b48d95a9287 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/information-for-help/" + google-query: inurl:"/wp-content/plugins/information-for-help/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,information-for-help,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/information-for-help/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "information-for-help" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-b9cc25882f4b3650dfc58526b8a4cf6b.yaml b/nuclei-templates/2023/CVE-2023-33999-b9cc25882f4b3650dfc58526b8a4cf6b.yaml new file mode 100644 index 0000000000..1587815e3b --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-b9cc25882f4b3650dfc58526b8a4cf6b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-b9cc25882f4b3650dfc58526b8a4cf6b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-conditional-discount-rules-for-checkout/" + google-query: inurl:"/wp-content/plugins/woo-conditional-discount-rules-for-checkout/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-conditional-discount-rules-for-checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-conditional-discount-rules-for-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-conditional-discount-rules-for-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.3.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-ba4796cf3281c13a162dda469d75d7f3.yaml b/nuclei-templates/2023/CVE-2023-33999-ba4796cf3281c13a162dda469d75d7f3.yaml new file mode 100644 index 0000000000..d52d5c4643 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-ba4796cf3281c13a162dda469d75d7f3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-ba4796cf3281c13a162dda469d75d7f3 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-facebook-reviews/" + google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-facebook-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-bb6c0cc036499900d58e8ecfbfa1266f.yaml b/nuclei-templates/2023/CVE-2023-33999-bb6c0cc036499900d58e8ecfbfa1266f.yaml new file mode 100644 index 0000000000..6dd41138ee --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-bb6c0cc036499900d58e8ecfbfa1266f.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-bb6c0cc036499900d58e8ecfbfa1266f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/easync-booking/" + google-query: inurl:"/wp-content/plugins/easync-booking/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,easync-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easync-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easync-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.1.5', '<= 1.3.6') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-bb86b5f0ba5a01ff8b4508679b8a4461.yaml b/nuclei-templates/2023/CVE-2023-33999-bb86b5f0ba5a01ff8b4508679b8a4461.yaml new file mode 100644 index 0000000000..648c04fabc --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-bb86b5f0ba5a01ff8b4508679b8a4461.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-bb86b5f0ba5a01ff8b4508679b8a4461 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/variable-inspector/" + google-query: inurl:"/wp-content/plugins/variable-inspector/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,variable-inspector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/variable-inspector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "variable-inspector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-bc451e342760b7c01a76b45e8d5e4cec.yaml b/nuclei-templates/2023/CVE-2023-33999-bc451e342760b7c01a76b45e8d5e4cec.yaml new file mode 100644 index 0000000000..0b51b07bee --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-bc451e342760b7c01a76b45e8d5e4cec.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-bc451e342760b7c01a76b45e8d5e4cec + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/static-html-output-plugin/" + google-query: inurl:"/wp-content/plugins/static-html-output-plugin/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,static-html-output-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/static-html-output-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "static-html-output-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-bd63330945371b9eb65c76c0ac12bb2c.yaml b/nuclei-templates/2023/CVE-2023-33999-bd63330945371b9eb65c76c0ac12bb2c.yaml new file mode 100644 index 0000000000..7996a40407 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-bd63330945371b9eb65c76c0ac12bb2c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-bd63330945371b9eb65c76c0ac12bb2c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rt-easy-builder-advanced-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-be560d7a8be63428505d521be1b5224e.yaml b/nuclei-templates/2023/CVE-2023-33999-be560d7a8be63428505d521be1b5224e.yaml new file mode 100644 index 0000000000..d8934e5888 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-be560d7a8be63428505d521be1b5224e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-be560d7a8be63428505d521be1b5224e + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/mmt-eventon-exim-lite/" + google-query: inurl:"/wp-content/plugins/mmt-eventon-exim-lite/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,mmt-eventon-exim-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mmt-eventon-exim-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mmt-eventon-exim-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-bef79d72921de2b50ec483093de2f34b.yaml b/nuclei-templates/2023/CVE-2023-33999-bef79d72921de2b50ec483093de2f34b.yaml new file mode 100644 index 0000000000..ce60462c39 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-bef79d72921de2b50ec483093de2f34b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-bef79d72921de2b50ec483093de2f34b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/printus-cloud-printing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/printus-cloud-printing-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,printus-cloud-printing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/printus-cloud-printing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "printus-cloud-printing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-bf262ecf8decaae8e6d30f77ddf24eca.yaml b/nuclei-templates/2023/CVE-2023-33999-bf262ecf8decaae8e6d30f77ddf24eca.yaml new file mode 100644 index 0000000000..b4cc0296c8 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-bf262ecf8decaae8e6d30f77ddf24eca.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-bf262ecf8decaae8e6d30f77ddf24eca
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-bank/"
+ google-query: inurl:"/wp-content/plugins/gallery-bank/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,gallery-bank,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-bank/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-bank"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.18')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-bf65bfaaf44875f27d8f946e402ba7bc.yaml b/nuclei-templates/2023/CVE-2023-33999-bf65bfaaf44875f27d8f946e402ba7bc.yaml
new file mode 100644
index 0000000000..f83cd6dca9
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-bf65bfaaf44875f27d8f946e402ba7bc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-bf65bfaaf44875f27d8f946e402ba7bc
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/convoworks-wp/"
+ google-query: inurl:"/wp-content/plugins/convoworks-wp/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,convoworks-wp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/convoworks-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "convoworks-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.22.14')
\ No newline at end of file
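Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` sets the `m` flag but has no `^`, so it captures the first "Stable tag: <digits>" anywhere in the body, changelog or description text included, and it requires exactly one space after the colon. Anchoring it to the header line and relaxing the whitespace, `- '(?mi)^\s*Stable tag:\s*([0-9.]+)'` (single-quoted so the backslashes stay literal in YAML), makes the capture harder to confuse. When a readme declares `Stable tag: trunk` nothing is captured and the `dsl` matcher has no `version` to compare, so the template stays silent on that install; a comment next to the extractor should say so. Both extractor entries here and in the other readme-based hunks of this diff share the pattern.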
diff --git a/nuclei-templates/2023/CVE-2023-33999-bf96f3303b70ff8d5f4151bbef0d1ef8.yaml b/nuclei-templates/2023/CVE-2023-33999-bf96f3303b70ff8d5f4151bbef0d1ef8.yaml
new file mode 100644
index 0000000000..bceb55d3d0
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-bf96f3303b70ff8d5f4151bbef0d1ef8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-bf96f3303b70ff8d5f4151bbef0d1ef8
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wpide/"
+ google-query: inurl:"/wp-content/plugins/wpide/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wpide,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpide/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpide"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0', '<= 3.4.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c0520af49f9f10b6d83e6cc7f9750fe4.yaml b/nuclei-templates/2023/CVE-2023-33999-c0520af49f9f10b6d83e6cc7f9750fe4.yaml
new file mode 100644
index 0000000000..c3360b7d03
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c0520af49f9f10b6d83e6cc7f9750fe4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c0520af49f9f10b6d83e6cc7f9750fe4
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/layouts-importer/"
+ google-query: inurl:"/wp-content/plugins/layouts-importer/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,layouts-importer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/layouts-importer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "layouts-importer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
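Review bot: The two `extractors` entries are identical apart from `internal: true`, and nothing in the file explains why both exist. As far as the hunk shows, the internal one supplies `version` to the `compare_versions` matcher and the second one presumably reports the extracted value in the scan result. A comment on each, e.g. `# internal: feeds the dsl matcher` and `# reported in scan output`, would keep a later cleanup from deleting one of them and silently breaking the version check. The same pair appears in every template hunk of this diff.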
diff --git a/nuclei-templates/2023/CVE-2023-33999-c55ecd55020477ece729319964c54426.yaml b/nuclei-templates/2023/CVE-2023-33999-c55ecd55020477ece729319964c54426.yaml
new file mode 100644
index 0000000000..d8f876ba7d
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c55ecd55020477ece729319964c54426.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c55ecd55020477ece729319964c54426
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/"
+ google-query: inurl:"/wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.4.3', '<= 2.25.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c55fce91152fe38ee58f19fcd442bfd6.yaml b/nuclei-templates/2023/CVE-2023-33999-c55fce91152fe38ee58f19fcd442bfd6.yaml
new file mode 100644
index 0000000000..34131e8095
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c55fce91152fe38ee58f19fcd442bfd6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c55fce91152fe38ee58f19fcd442bfd6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/kenta-companion/"
+ google-query: inurl:"/wp-content/plugins/kenta-companion/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,kenta-companion,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kenta-companion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kenta-companion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c635c68d50779a47eb5cf90d2ab22279.yaml b/nuclei-templates/2023/CVE-2023-33999-c635c68d50779a47eb5cf90d2ab22279.yaml
new file mode 100644
index 0000000000..2f332dab50
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c635c68d50779a47eb5cf90d2ab22279.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c635c68d50779a47eb5cf90d2ab22279
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-structured-data-schema/"
+ google-query: inurl:"/wp-content/plugins/wp-structured-data-schema/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-structured-data-schema,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-structured-data-schema/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-structured-data-schema"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.5.0', '<= 4.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c7f353e316e0a812dcf19f3586543d13.yaml b/nuclei-templates/2023/CVE-2023-33999-c7f353e316e0a812dcf19f3586543d13.yaml
new file mode 100644
index 0000000000..0e09ec9c79
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c7f353e316e0a812dcf19f3586543d13.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c7f353e316e0a812dcf19f3586543d13
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/forms-to-zapier/"
+ google-query: inurl:"/wp-content/plugins/forms-to-zapier/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,forms-to-zapier,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forms-to-zapier/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forms-to-zapier"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.11')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c86629f0df880dcb1042f79696cb68e6.yaml b/nuclei-templates/2023/CVE-2023-33999-c86629f0df880dcb1042f79696cb68e6.yaml
new file mode 100644
index 0000000000..b3c971860b
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c86629f0df880dcb1042f79696cb68e6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c86629f0df880dcb1042f79696cb68e6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/display-admin-page-on-frontend/"
+ google-query: inurl:"/wp-content/plugins/display-admin-page-on-frontend/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,display-admin-page-on-frontend,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/display-admin-page-on-frontend/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "display-admin-page-on-frontend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.0', '<= 1.20.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-c9b76b5765fe61bb7eca8a9d350bb00d.yaml b/nuclei-templates/2023/CVE-2023-33999-c9b76b5765fe61bb7eca8a9d350bb00d.yaml
new file mode 100644
index 0000000000..2ced9e70e8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-c9b76b5765fe61bb7eca8a9d350bb00d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-c9b76b5765fe61bb7eca8a9d350bb00d
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/woosquare/"
+ google-query: inurl:"/wp-content/plugins/woosquare/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,woosquare,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woosquare/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woosquare"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.5', '<= 4.2.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-cb33c2eee2a312ee29b864f84dd252bb.yaml b/nuclei-templates/2023/CVE-2023-33999-cb33c2eee2a312ee29b864f84dd252bb.yaml
new file mode 100644
index 0000000000..6936356114
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-cb33c2eee2a312ee29b864f84dd252bb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-cb33c2eee2a312ee29b864f84dd252bb
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
+ google-query: inurl:"/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bulk-edit-user-profiles-in-spreadsheet"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.1', '<= 1.5.23')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-cbff176d753fb5d37266f01920558386.yaml b/nuclei-templates/2023/CVE-2023-33999-cbff176d753fb5d37266f01920558386.yaml
new file mode 100644
index 0000000000..754bdb788e
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-cbff176d753fb5d37266f01920558386.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-cbff176d753fb5d37266f01920558386
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/justified-gallery/"
+ google-query: inurl:"/wp-content/plugins/justified-gallery/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,justified-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/justified-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "justified-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.2.1', '<= 1.7.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-cd956782c2e3f8216a5a943e8903d223.yaml b/nuclei-templates/2023/CVE-2023-33999-cd956782c2e3f8216a5a943e8903d223.yaml
new file mode 100644
index 0000000000..e30ff13ba8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-cd956782c2e3f8216a5a943e8903d223.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-cd956782c2e3f8216a5a943e8903d223
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,ether-and-erc20-tokens-woocommerce-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ether-and-erc20-tokens-woocommerce-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ether-and-erc20-tokens-woocommerce-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0.0', '<= 4.12.12')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-ceee6236f49be908c2dc651b60f222ce.yaml b/nuclei-templates/2023/CVE-2023-33999-ceee6236f49be908c2dc651b60f222ce.yaml
new file mode 100644
index 0000000000..59fb700811
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-ceee6236f49be908c2dc651b60f222ce.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-ceee6236f49be908c2dc651b60f222ce
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-styler/"
+ google-query: inurl:"/wp-content/plugins/cf7-styler/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,cf7-styler,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-styler/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-styler"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-cfe7a1fef5f7eeda65a9805195f62a86.yaml b/nuclei-templates/2023/CVE-2023-33999-cfe7a1fef5f7eeda65a9805195f62a86.yaml
new file mode 100644
index 0000000000..1e3931ec48
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-cfe7a1fef5f7eeda65a9805195f62a86.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-cfe7a1fef5f7eeda65a9805195f62a86
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/edupress/"
+ google-query: inurl:"/wp-content/themes/edupress/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,edupress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/edupress/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "edupress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d183e3fab3f1ce0e65d6b052d20d21e6.yaml b/nuclei-templates/2023/CVE-2023-33999-d183e3fab3f1ce0e65d6b052d20d21e6.yaml
new file mode 100644
index 0000000000..3be9727375
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d183e3fab3f1ce0e65d6b052d20d21e6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d183e3fab3f1ce0e65d6b052d20d21e6
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/independent-analytics/"
+ google-query: inurl:"/wp-content/plugins/independent-analytics/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,independent-analytics,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/independent-analytics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "independent-analytics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.25.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d61764904414bfb2298b93cc316a52dd.yaml b/nuclei-templates/2023/CVE-2023-33999-d61764904414bfb2298b93cc316a52dd.yaml
new file mode 100644
index 0000000000..babf693e30
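Review bot: Both extractors in the independent-analytics template capture only a numeric value with `Stable tag: ([0-9.]+)`, so a `readme.txt` whose stable tag is not numeric (for example `trunk`) leaves `version` unset, and the `compare_versions` matcher then presumably fails with no signal at all. The result is a silent false negative: an empty scan result would read as "not affected" when the version was simply never read. I would document this above `extractors:`, e.g. `# no finding when Stable tag is non-numeric; an empty result is not evidence of a patched install`. The same applies to the other `readme.txt`-based templates in this diff.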
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d61764904414bfb2298b93cc316a52dd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d61764904414bfb2298b93cc316a52dd
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/giveasap/"
+ google-query: inurl:"/wp-content/plugins/giveasap/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,giveasap,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "giveasap"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.46.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d672f974bbd39c6c8e7b3af768663a37.yaml b/nuclei-templates/2023/CVE-2023-33999-d672f974bbd39c6c8e7b3af768663a37.yaml
new file mode 100644
index 0000000000..702d36a419
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d672f974bbd39c6c8e7b3af768663a37.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d672f974bbd39c6c8e7b3af768663a37
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/surbma-gdpr-proof-google-analytics/"
+ google-query: inurl:"/wp-content/plugins/surbma-gdpr-proof-google-analytics/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/surbma-gdpr-proof-google-analytics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "surbma-gdpr-proof-google-analytics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 3.0', '<= 17.7.0')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d6984be7530664ec8214255ae7a8e01e.yaml b/nuclei-templates/2023/CVE-2023-33999-d6984be7530664ec8214255ae7a8e01e.yaml
new file mode 100644
index 0000000000..b929573355
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d6984be7530664ec8214255ae7a8e01e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d6984be7530664ec8214255ae7a8e01e
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/demomentsomtres-wp-export/"
+ google-query: inurl:"/wp-content/plugins/demomentsomtres-wp-export/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,demomentsomtres-wp-export,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/demomentsomtres-wp-export/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "demomentsomtres-wp-export"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d6a1d0977b573ed832f8b60baa28e60d.yaml b/nuclei-templates/2023/CVE-2023-33999-d6a1d0977b573ed832f8b60baa28e60d.yaml
new file mode 100644
index 0000000000..98aff2ffa8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d6a1d0977b573ed832f8b60baa28e60d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d6a1d0977b573ed832f8b60baa28e60d
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/medicpress-lite/"
+ google-query: inurl:"/wp-content/themes/medicpress-lite/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,medicpress-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/medicpress-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "medicpress-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.8.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d6f4b3b72641901c77ae56bba189fd6a.yaml b/nuclei-templates/2023/CVE-2023-33999-d6f4b3b72641901c77ae56bba189fd6a.yaml
new file mode 100644
index 0000000000..a2dac178e6
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d6f4b3b72641901c77ae56bba189fd6a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d6f4b3b72641901c77ae56bba189fd6a
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bp-better-messages/"
+ google-query: inurl:"/wp-content/plugins/bp-better-messages/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bp-better-messages,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bp-better-messages"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.9.10.72', '<= 2.1.17')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d730217db9f1721edde0c4c0be14cf55.yaml b/nuclei-templates/2023/CVE-2023-33999-d730217db9f1721edde0c4c0be14cf55.yaml
new file mode 100644
index 0000000000..858b9584b7
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d730217db9f1721edde0c4c0be14cf55.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d730217db9f1721edde0c4c0be14cf55
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/delete-duplicate-posts/"
+ google-query: inurl:"/wp-content/plugins/delete-duplicate-posts/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,delete-duplicate-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/delete-duplicate-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "delete-duplicate-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 4.1.9', '<= 4.8.8')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d85405f6dea19d1740e31a37bb775cfa.yaml b/nuclei-templates/2023/CVE-2023-33999-d85405f6dea19d1740e31a37bb775cfa.yaml
new file mode 100644
index 0000000000..84528ec63a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d85405f6dea19d1740e31a37bb775cfa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d85405f6dea19d1740e31a37bb775cfa
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-tripadvisor-review-slider/"
+ google-query: inurl:"/wp-content/plugins/wp-tripadvisor-review-slider/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-tripadvisor-review-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-tripadvisor-review-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 10.4', '<= 11.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-d9903cfa736245cdfbdcadefa5e91fec.yaml b/nuclei-templates/2023/CVE-2023-33999-d9903cfa736245cdfbdcadefa5e91fec.yaml
new file mode 100644
index 0000000000..99d5263cec
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-d9903cfa736245cdfbdcadefa5e91fec.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-d9903cfa736245cdfbdcadefa5e91fec
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/error-log-monitor/"
+ google-query: inurl:"/wp-content/plugins/error-log-monitor/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,error-log-monitor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/error-log-monitor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "error-log-monitor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.6', '<= 1.7.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-dabf3ad0f09dfab386fc5d4d35830cf9.yaml b/nuclei-templates/2023/CVE-2023-33999-dabf3ad0f09dfab386fc5d4d35830cf9.yaml
new file mode 100644
index 0000000000..cc8907ba61
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-dabf3ad0f09dfab386fc5d4d35830cf9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-dabf3ad0f09dfab386fc5d4d35830cf9
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/simple-author-box/"
+ google-query: inurl:"/wp-content/plugins/simple-author-box/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,simple-author-box,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-author-box/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-author-box"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.22')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-dc68553d4cd77907a0dbfee1d6c2194c.yaml b/nuclei-templates/2023/CVE-2023-33999-dc68553d4cd77907a0dbfee1d6c2194c.yaml
new file mode 100644
index 0000000000..de1375a77a
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-dc68553d4cd77907a0dbfee1d6c2194c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-dc68553d4cd77907a0dbfee1d6c2194c
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/forms-for-divi/"
+ google-query: inurl:"/wp-content/plugins/forms-for-divi/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,forms-for-divi,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forms-for-divi/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forms-for-divi"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '8.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-ddf938f995fb8bc40cb72aee787fc97a.yaml b/nuclei-templates/2023/CVE-2023-33999-ddf938f995fb8bc40cb72aee787fc97a.yaml
new file mode 100644
index 0000000000..3bd6917f60
--- /dev/null
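Review bot: `compare_versions(version, '8.1.2')` in the forms-for-divi template has no comparison operator, unlike the `<=` / `>=` constraints in the sibling templates; the chic-lifestyle template later in this diff has the same form with `'1.1.3'`. If the constraint parser reads a bare version as equality, only that single release is reported and any earlier affected release passes unnoticed. The intent should be written out: `compare_versions(version, '= 8.1.2')` if exactly one release is affected, or `compare_versions(version, '<= 8.1.2')` if that value is an upper bound. Which of the two is right has to come from the advisory, since nothing in this diff settles it.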
+++ b/nuclei-templates/2023/CVE-2023-33999-ddf938f995fb8bc40cb72aee787fc97a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-ddf938f995fb8bc40cb72aee787fc97a
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/buddyforms-members/"
+ google-query: inurl:"/wp-content/plugins/buddyforms-members/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,buddyforms-members,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/buddyforms-members/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "buddyforms-members"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.10')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-e124ab0fd97d79362c721129dbe3f321.yaml b/nuclei-templates/2023/CVE-2023-33999-e124ab0fd97d79362c721129dbe3f321.yaml
new file mode 100644
index 0000000000..8a9f760495
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-e124ab0fd97d79362c721129dbe3f321.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-e124ab0fd97d79362c721129dbe3f321
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/startend-subscription-add-on-for-gravityforms/"
+ google-query: inurl:"/wp-content/plugins/startend-subscription-add-on-for-gravityforms/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,startend-subscription-add-on-for-gravityforms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/startend-subscription-add-on-for-gravityforms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "startend-subscription-add-on-for-gravityforms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 4.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-e1987549a8adbbe02d8091642e10ab7c.yaml b/nuclei-templates/2023/CVE-2023-33999-e1987549a8adbbe02d8091642e10ab7c.yaml
new file mode 100644
index 0000000000..78b3ce01ac
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-e1987549a8adbbe02d8091642e10ab7c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-e1987549a8adbbe02d8091642e10ab7c
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/themes/chic-lifestyle/"
+ google-query: inurl:"/wp-content/themes/chic-lifestyle/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-theme,chic-lifestyle,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/chic-lifestyle/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "chic-lifestyle"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '1.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-e1d14b89c8fe23d950623479c37a9abb.yaml b/nuclei-templates/2023/CVE-2023-33999-e1d14b89c8fe23d950623479c37a9abb.yaml
new file mode 100644
index 0000000000..40a2828a6d
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-e1d14b89c8fe23d950623479c37a9abb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-e1d14b89c8fe23d950623479c37a9abb
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wc-place-order-without-payment/"
+ google-query: inurl:"/wp-content/plugins/wc-place-order-without-payment/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wc-place-order-without-payment,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-place-order-without-payment/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-place-order-without-payment"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-e2299fb7447a041586fc3dfc10dd567f.yaml b/nuclei-templates/2023/CVE-2023-33999-e2299fb7447a041586fc3dfc10dd567f.yaml
new file mode 100644
index 0000000000..a3f7aea4d9
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-e2299fb7447a041586fc3dfc10dd567f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e2299fb7447a041586fc3dfc10dd567f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wp-cron-status-checker/" + google-query: inurl:"/wp-content/plugins/wp-cron-status-checker/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wp-cron-status-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cron-status-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cron-status-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file 
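Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` is unanchored and demands exactly one space after the colon, so a readme that uses a tab or several spaces, or that declares `Stable tag: trunk`, leaves `version` unset and the `and` matcher block presumably reports nothing. Both extractors could use `- '(?mi)^Stable tag:\s*([0-9.]+)'` instead, single-quoted because `\s` is not a valid escape in a double-quoted YAML scalar. The `trunk` case stays undetectable either way and deserves a comment such as `# no numeric Stable tag => no result, not "not vulnerable"`. The same regex appears in every readme.txt-based template in this patch.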
diff --git a/nuclei-templates/2023/CVE-2023-33999-e263976072ca4f174001e781ce80f03c.yaml b/nuclei-templates/2023/CVE-2023-33999-e263976072ca4f174001e781ce80f03c.yaml new file mode 100644 index 0000000000..509e4bbf1d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e263976072ca4f174001e781ce80f03c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e263976072ca4f174001e781ce80f03c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/fullworks-anti-spam/" + google-query: inurl:"/wp-content/plugins/fullworks-anti-spam/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,fullworks-anti-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fullworks-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fullworks-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.0.1', '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-e2ff0e9d18bea5096876a1ac8d872230.yaml b/nuclei-templates/2023/CVE-2023-33999-e2ff0e9d18bea5096876a1ac8d872230.yaml new file mode 100644 index 0000000000..d6e26a8f0f 
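Review bot: `redirects: true` with `max-redirects: 3` lets the request follow redirects to any host, so the readme that gets version-matched may come from a different host than `{{BaseURL}}` and the finding is then attributed to the wrong asset. nuclei's `host-redirects: true` follows redirects only on the original host; I would use it in place of `redirects: true` and keep `max-redirects: 3`. The same two lines open the `http` block of every template added in this patch.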
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e2ff0e9d18bea5096876a1ac8d872230.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-e2ff0e9d18bea5096876a1ac8d872230 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/elasta/" + google-query: inurl:"/wp-content/themes/elasta/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,elasta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/elasta/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.4', '<= 1.0.8') \ No newline at end of file 
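Review bot: In this theme template the regex `(?mi)Version: ([0-9.]+)` is not tied to the start of a header line, so on style.css it can capture from any line that merely contains `Version: ` (a changelog entry, or another header field ending in "Version:") and feed that number to `compare_versions(version, '>= 1.0.4', '<= 1.0.8')`. A tighter form for both extractors would be `- '(?mi)^[\s*]*Version:\s*([0-9.]+)'`, which still accepts the leading ` * ` of a CSS comment block. The word matcher `"elasta"` is a short, case-sensitive substring and does little to confirm the file is the theme header, so the regex is what carries the result here.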
diff --git a/nuclei-templates/2023/CVE-2023-33999-e4b187f4ce7005bfdc65f27e01dd21bf.yaml b/nuclei-templates/2023/CVE-2023-33999-e4b187f4ce7005bfdc65f27e01dd21bf.yaml new file mode 100644 index 0000000000..06c134fa8c --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e4b187f4ce7005bfdc65f27e01dd21bf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e4b187f4ce7005bfdc65f27e01dd21bf + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,content-protector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-e511262b51959f132396027ff04d9dd3.yaml b/nuclei-templates/2023/CVE-2023-33999-e511262b51959f132396027ff04d9dd3.yaml new file mode 100644 index 0000000000..740be54dc4 --- /dev/null 
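Review bot: The word matcher requires the slug `content-protector` to appear verbatim in the readme.txt body, which the readme format does not guarantee, since its header carries the display name rather than the slug, and word matching is case-sensitive unless `case-insensitive: true` is set. Under `matchers-condition: and`, a readme without the slug makes the template stay silent on an affected install. The request path already pins the plugin, so I would match a marker the readme is expected to contain, for example `- "Stable tag:"`, or at least add `case-insensitive: true`. The other plugin templates in this patch use the same slug-in-body check.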
+++ b/nuclei-templates/2023/CVE-2023-33999-e511262b51959f132396027ff04d9dd3.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-e511262b51959f132396027ff04d9dd3 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/license-manager-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/license-manager-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/license-manager-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "license-manager-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.2.5', '<= 2.2.9') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-e589aa9a646b488bad508095eec47b94.yaml b/nuclei-templates/2023/CVE-2023-33999-e589aa9a646b488bad508095eec47b94.yaml new file mode 100644 index 0000000000..8075bedc8c --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e589aa9a646b488bad508095eec47b94.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e589aa9a646b488bad508095eec47b94 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/seo-for-local/" + google-query: inurl:"/wp-content/plugins/seo-for-local/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,seo-for-local,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-for-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-for-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 9.0.0', '<= 9.2.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-e654a3f8e0e527fc4a0de5e410e3933f.yaml b/nuclei-templates/2023/CVE-2023-33999-e654a3f8e0e527fc4a0de5e410e3933f.yaml new file mode 100644 index 0000000000..78b6b4f2c9 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-e654a3f8e0e527fc4a0de5e410e3933f.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-e654a3f8e0e527fc4a0de5e410e3933f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/gpt3-ai-content-generator/" + google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gpt3-ai-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.4.10', '<= 1.7.37') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-e68651662acd3a746257f5de3b17c95c.yaml b/nuclei-templates/2023/CVE-2023-33999-e68651662acd3a746257f5de3b17c95c.yaml new file mode 100644 index 0000000000..6eddd0d92f --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e68651662acd3a746257f5de3b17c95c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e68651662acd3a746257f5de3b17c95c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/custom-page-templates-by-vegacorp/" + google-query: inurl:"/wp-content/plugins/custom-page-templates-by-vegacorp/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,custom-page-templates-by-vegacorp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-page-templates-by-vegacorp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-page-templates-by-vegacorp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.1.13') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-e6bd23ac80ef1f2c0e1fb216122d23e4.yaml b/nuclei-templates/2023/CVE-2023-33999-e6bd23ac80ef1f2c0e1fb216122d23e4.yaml new file mode 100644 index 0000000000..cc2558c01c --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e6bd23ac80ef1f2c0e1fb216122d23e4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e6bd23ac80ef1f2c0e1fb216122d23e4 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/rss-control/" + google-query: inurl:"/wp-content/plugins/rss-control/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,rss-control,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.2', '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-e6cd6dc5302bb9519d879e461082336e.yaml b/nuclei-templates/2023/CVE-2023-33999-e6cd6dc5302bb9519d879e461082336e.yaml new file mode 100644 index 0000000000..1de4213896 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-e6cd6dc5302bb9519d879e461082336e.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-e6cd6dc5302bb9519d879e461082336e + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,buddyforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-e71fb16b464c41130def2b765ca895ce.yaml b/nuclei-templates/2023/CVE-2023-33999-e71fb16b464c41130def2b765ca895ce.yaml new file mode 100644 index 0000000000..73a13614ea --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-e71fb16b464c41130def2b765ca895ce.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-e71fb16b464c41130def2b765ca895ce + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/pramadillo-activecampaign-email-preference-center/" + google-query: inurl:"/wp-content/plugins/pramadillo-activecampaign-email-preference-center/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,pramadillo-activecampaign-email-preference-center,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pramadillo-activecampaign-email-preference-center/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pramadillo-activecampaign-email-preference-center" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 2.0.11') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-ea235bf9b0e192c92b47c0b947c36ce1.yaml b/nuclei-templates/2023/CVE-2023-33999-ea235bf9b0e192c92b47c0b947c36ce1.yaml new file mode 100644 index 0000000000..e94b24b115 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-ea235bf9b0e192c92b47c0b947c36ce1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-ea235bf9b0e192c92b47c0b947c36ce1 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/buddydrive/" + google-query: inurl:"/wp-content/plugins/buddydrive/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,buddydrive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddydrive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddydrive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-eb3960f9ae94ca9e06856eba20638f22.yaml b/nuclei-templates/2023/CVE-2023-33999-eb3960f9ae94ca9e06856eba20638f22.yaml new file mode 100644 index 0000000000..e024d3441a --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-eb3960f9ae94ca9e06856eba20638f22.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-eb3960f9ae94ca9e06856eba20638f22 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,funnelforms-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.2.9', '<= 3.3.8.4') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-ebb71cd0a2dc555bc4aa4700b641434c.yaml b/nuclei-templates/2023/CVE-2023-33999-ebb71cd0a2dc555bc4aa4700b641434c.yaml new file mode 100644 index 0000000000..d7992493df --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-ebb71cd0a2dc555bc4aa4700b641434c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-ebb71cd0a2dc555bc4aa4700b641434c + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/gs-team-members/" + google-query: inurl:"/wp-content/plugins/gs-team-members/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,gs-team-members,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-team-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-team-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.8', '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-ebda58030f4b20a1460c4e8b5eb7aa40.yaml b/nuclei-templates/2023/CVE-2023-33999-ebda58030f4b20a1460c4e8b5eb7aa40.yaml new file mode 100644 index 0000000000..2e6b775a53 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-ebda58030f4b20a1460c4e8b5eb7aa40.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-ebda58030f4b20a1460c4e8b5eb7aa40 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/easy-marijuana-age-verify/" + google-query: inurl:"/wp-content/plugins/easy-marijuana-age-verify/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,easy-marijuana-age-verify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-marijuana-age-verify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-marijuana-age-verify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-eebcfcc38bbe49c85dc65477853aec85.yaml b/nuclei-templates/2023/CVE-2023-33999-eebcfcc38bbe49c85dc65477853aec85.yaml new file mode 100644 index 0000000000..9c6cf0bcb5 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-eebcfcc38bbe49c85dc65477853aec85.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-eebcfcc38bbe49c85dc65477853aec85 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/wc-zelle/" + google-query: inurl:"/wp-content/plugins/wc-zelle/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,wc-zelle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-zelle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-zelle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-f06c5e47ee46e0eda766117ba6f9ae5b.yaml b/nuclei-templates/2023/CVE-2023-33999-f06c5e47ee46e0eda766117ba6f9ae5b.yaml new file mode 100644 index 0000000000..b1f42cf735 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-f06c5e47ee46e0eda766117ba6f9ae5b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-f06c5e47ee46e0eda766117ba6f9ae5b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/tecslider/" + google-query: inurl:"/wp-content/plugins/tecslider/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,tecslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tecslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tecslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file 
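Review bot: `redirects: true` with `max-redirects: 3` lets the request leave the scanned host, so a `200` and a matching `readme.txt` served by whatever the target redirects to (a CDN, a parked-domain page, another site) can be reported against `{{BaseURL}}`. Restricting the follow to the same host keeps the finding attributable to the target: replace `redirects: true` with `host-redirects: true`. Every template in this diff carries the same request lines, so if these files are generated (the `reference` link suggests so) the change belongs in the generator rather than in this file alone.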
diff --git a/nuclei-templates/2023/CVE-2023-33999-f442019222feace161a743115248ed46.yaml b/nuclei-templates/2023/CVE-2023-33999-f442019222feace161a743115248ed46.yaml new file mode 100644 index 0000000000..613ee56a39 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f442019222feace161a743115248ed46.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f442019222feace161a743115248ed46 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/attribute-stock-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/attribute-stock-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,attribute-stock-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/attribute-stock-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attribute-stock-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file 
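Review bot: The two `regex` extractors are identical apart from `internal: true` and both are named `version`, which reads like a copy-paste slip to anyone editing the file later. If the split is intentional, with the internal one supplying `version` to `compare_versions(...)` and the second one printing the detected version in the result, a one-line comment above each would say so, e.g. `# internal: supplies "version" to the dsl matcher` and `# reported: shows the detected version in scan output`. The same pair appears in the other templates added by this diff.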
diff --git a/nuclei-templates/2023/CVE-2023-33999-f4d2d99fe835e487bb5fa19542971f6d.yaml b/nuclei-templates/2023/CVE-2023-33999-f4d2d99fe835e487bb5fa19542971f6d.yaml new file mode 100644 index 0000000000..fb6d9f416d --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f4d2d99fe835e487bb5fa19542971f6d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f4d2d99fe835e487bb5fa19542971f6d + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/my-instagram-feed/" + google-query: inurl:"/wp-content/plugins/my-instagram-feed/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,my-instagram-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-instagram-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-instagram-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-f506928fd29f3a3a58d238023087f3ad.yaml b/nuclei-templates/2023/CVE-2023-33999-f506928fd29f3a3a58d238023087f3ad.yaml new file mode 100644 index 0000000000..3630e5981f 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f506928fd29f3a3a58d238023087f3ad.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-f506928fd29f3a3a58d238023087f3ad + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/5-stars-rating-funnel/" + google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5-stars-rating-funnel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5-stars-rating-funnel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.62') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f51f29a5a45afb4571b0dbe1a4b8fc07.yaml b/nuclei-templates/2023/CVE-2023-33999-f51f29a5a45afb4571b0dbe1a4b8fc07.yaml new file mode 100644 index 0000000000..2fdbcae2d1 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f51f29a5a45afb4571b0dbe1a4b8fc07.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f51f29a5a45afb4571b0dbe1a4b8fc07 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/themes/suffice/" + google-query: inurl:"/wp-content/themes/suffice/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-theme,suffice,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/suffice/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "suffice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-f5734643164a6b60812d21a8f8e1dce5.yaml b/nuclei-templates/2023/CVE-2023-33999-f5734643164a6b60812d21a8f8e1dce5.yaml new file mode 100644 index 0000000000..0a0c361891 --- /dev/null 
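Review bot: The word matcher `"suffice"` is an ordinary English word, so it adds little on top of the status check: any 200 body that happens to contain it (a catch-all page echoing the requested path, for instance) passes, and the loose `(?mi)Version: ([0-9.]+)` regex can then pick up an unrelated version string. For a theme `style.css` the header block is the stronger anchor; adding `- "Theme Name:"` to `words` with `condition: and` would tie the match to a real theme stylesheet. The exact header text of this theme is not visible here, so check it against a real copy before tightening further.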
+++ b/nuclei-templates/2023/CVE-2023-33999-f5734643164a6b60812d21a8f8e1dce5.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-f5734643164a6b60812d21a8f8e1dce5 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-product-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-product-for-woocommerce/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,cryptocurrency-product-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-product-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-product-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.9') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f62684d3a25b5288e695040b3baeb41f.yaml b/nuclei-templates/2023/CVE-2023-33999-f62684d3a25b5288e695040b3baeb41f.yaml new file mode 100644 index 0000000000..476e650a47 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f62684d3a25b5288e695040b3baeb41f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f62684d3a25b5288e695040b3baeb41f + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/mail-control/" + google-query: inurl:"/wp-content/plugins/mail-control/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,mail-control,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.2', '<= 0.2.8') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-f7906cfddea7421ef8e16861dbfe92ad.yaml b/nuclei-templates/2023/CVE-2023-33999-f7906cfddea7421ef8e16861dbfe92ad.yaml new file mode 100644 index 0000000000..d3ed83f01f --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-f7906cfddea7421ef8e16861dbfe92ad.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-f7906cfddea7421ef8e16861dbfe92ad + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/rating-widget/" + google-query: inurl:"/wp-content/plugins/rating-widget/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,rating-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rating-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rating-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f8706d9a20a48b3e79178937c6f016a3.yaml b/nuclei-templates/2023/CVE-2023-33999-f8706d9a20a48b3e79178937c6f016a3.yaml new file mode 100644 index 0000000000..c6157e0b3e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f8706d9a20a48b3e79178937c6f016a3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f8706d9a20a48b3e79178937c6f016a3 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/buddyforms-hierarchical-posts/" + google-query: inurl:"/wp-content/plugins/buddyforms-hierarchical-posts/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,buddyforms-hierarchical-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms-hierarchical-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms-hierarchical-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f8e246bbb63302da7b8e9c2c4e70e309.yaml b/nuclei-templates/2023/CVE-2023-33999-f8e246bbb63302da7b8e9c2c4e70e309.yaml new file mode 100644 index 0000000000..96b132383e --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f8e246bbb63302da7b8e9c2c4e70e309.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f8e246bbb63302da7b8e9c2c4e70e309 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/drop-shadow-boxes/" + google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,drop-shadow-boxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drop-shadow-boxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drop-shadow-boxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5.8', '<= 1.7.10') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-f946d5f801bffa655973f7769cdef846.yaml b/nuclei-templates/2023/CVE-2023-33999-f946d5f801bffa655973f7769cdef846.yaml new file mode 100644 index 0000000000..e79cf5eb5c 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f946d5f801bffa655973f7769cdef846.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-f946d5f801bffa655973f7769cdef846 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/smart-variations-images/" + google-query: inurl:"/wp-content/plugins/smart-variations-images/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,smart-variations-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-variations-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-variations-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0.1', '<= 5.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f955c4ac187f05672218bbc7bced26f8.yaml b/nuclei-templates/2023/CVE-2023-33999-f955c4ac187f05672218bbc7bced26f8.yaml new file mode 100644 index 0000000000..dde3fcf082 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f955c4ac187f05672218bbc7bced26f8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f955c4ac187f05672218bbc7bced26f8 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.1', '<= 7.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-f9e2bd5e6bfb9ba7e36d35ab51e85acd.yaml b/nuclei-templates/2023/CVE-2023-33999-f9e2bd5e6bfb9ba7e36d35ab51e85acd.yaml new file mode 100644 index 0000000000..0db1468d79 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-f9e2bd5e6bfb9ba7e36d35ab51e85acd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-33999-f9e2bd5e6bfb9ba7e36d35ab51e85acd + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/new-user-approve/" + google-query: inurl:"/wp-content/plugins/new-user-approve/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,new-user-approve,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-user-approve/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-user-approve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-fabe4b12cace4fd332a5e2d546f0cb6b.yaml b/nuclei-templates/2023/CVE-2023-33999-fabe4b12cace4fd332a5e2d546f0cb6b.yaml new file mode 100644 index 0000000000..d15f6fac92 --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-33999-fabe4b12cace4fd332a5e2d546f0cb6b.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-fabe4b12cace4fd332a5e2d546f0cb6b + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/jobwp/" + google-query: inurl:"/wp-content/plugins/jobwp/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,jobwp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-33999-fafa35974f39deca6a08588dfd713391.yaml b/nuclei-templates/2023/CVE-2023-33999-fafa35974f39deca6a08588dfd713391.yaml new file mode 100644 index 0000000000..ce2fc4d108 
--- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-fafa35974f39deca6a08588dfd713391.yaml @@ -0,0 +1,59 @@ +id: CVE-2023-33999-fafa35974f39deca6a08588dfd713391 + +info: + name: > + Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get + author: topscoder + severity: medium + description: > + The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-33999 + metadata: + fofa-query: "wp-content/plugins/woo-country-restrictions-advanced/" + google-query: inurl:"/wp-content/plugins/woo-country-restrictions-advanced/" + shodan-query: 'vuln:CVE-2023-33999' + tags: cve,wordpress,wp-plugin,woo-country-restrictions-advanced,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-country-restrictions-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-country-restrictions-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 1.14.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-33999-fbbb5389335d3215fc4a126705304b30.yaml b/nuclei-templates/2023/CVE-2023-33999-fbbb5389335d3215fc4a126705304b30.yaml new file mode 100644 index 0000000000..b791c4efa7 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-33999-fbbb5389335d3215fc4a126705304b30.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-fbbb5389335d3215fc4a126705304b30
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/sprout-clients/"
+ google-query: inurl:"/wp-content/plugins/sprout-clients/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,sprout-clients,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sprout-clients/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sprout-clients"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-fbd429aafd09f32188fcdf26410a8916.yaml b/nuclei-templates/2023/CVE-2023-33999-fbd429aafd09f32188fcdf26410a8916.yaml
new file mode 100644
index 0000000000..d63e3ee216
--- /dev/null
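Review bot: The constraint in `compare_versions(version, '3.1')` at the end of the sprout-clients template has no comparison operator, unlike the sibling templates in this diff, which use `<=` or a `>=`/`<=` pair. As far as I know a bare version in this helper is treated as an exact match, so the template would flag only installs whose `Stable tag` is exactly 3.1 and stay silent on earlier affected releases. If the advisory's range is everything up to 3.1, the line should read `- compare_versions(version, '<= 3.1')`; if only 3.1 is affected, a short comment saying so would keep the next reader from treating it as a typo.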
+++ b/nuclei-templates/2023/CVE-2023-33999-fbd429aafd09f32188fcdf26410a8916.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-fbd429aafd09f32188fcdf26410a8916
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/wp-photo-effects/"
+ google-query: inurl:"/wp-content/plugins/wp-photo-effects/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,wp-photo-effects,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-photo-effects/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-photo-effects"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-fe5ebd3e8aa7161aa1fe729ac0cb56a2.yaml b/nuclei-templates/2023/CVE-2023-33999-fe5ebd3e8aa7161aa1fe729ac0cb56a2.yaml
new file mode 100644
index 0000000000..2cbdfd2c0d
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-fe5ebd3e8aa7161aa1fe729ac0cb56a2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-fe5ebd3e8aa7161aa1fe729ac0cb56a2
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-message-filter/"
+ google-query: inurl:"/wp-content/plugins/cf7-message-filter/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,cf7-message-filter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-message-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-message-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-ff6ac39b9a5c07c51c53fd7cc34e25fa.yaml b/nuclei-templates/2023/CVE-2023-33999-ff6ac39b9a5c07c51c53fd7cc34e25fa.yaml
new file mode 100644
index 0000000000..230476bea3
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-ff6ac39b9a5c07c51c53fd7cc34e25fa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-ff6ac39b9a5c07c51c53fd7cc34e25fa
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/expandable-paywall/"
+ google-query: inurl:"/wp-content/plugins/expandable-paywall/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,expandable-paywall,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/expandable-paywall/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "expandable-paywall"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.1.1', '<= 2.0.16')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-33999-ff76e151a5f68dae6897f9de1c68f8d0.yaml b/nuclei-templates/2023/CVE-2023-33999-ff76e151a5f68dae6897f9de1c68f8d0.yaml
new file mode 100644
index 0000000000..2508dfc9e8
--- /dev/null
+++ b/nuclei-templates/2023/CVE-2023-33999-ff76e151a5f68dae6897f9de1c68f8d0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-33999-ff76e151a5f68dae6897f9de1c68f8d0
+
+info:
+ name: >
+ Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
+ author: topscoder
+ severity: medium
+ description: >
+ The Freemius SDK for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fs_request_get’ function in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5253fe2b-040b-417c-b257-0cb59ee5aa6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-33999
+ metadata:
+ fofa-query: "wp-content/plugins/bulletin-announcements/"
+ google-query: inurl:"/wp-content/plugins/bulletin-announcements/"
+ shodan-query: 'vuln:CVE-2023-33999'
+ tags: cve,wordpress,wp-plugin,bulletin-announcements,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bulletin-announcements/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bulletin-announcements"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 1.0.1', '<= 3.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-3510-c4f9bd6de437d1951b88bb16387538bb.yaml b/nuclei-templates/2023/CVE-2023-3510-c4f9bd6de437d1951b88bb16387538bb.yaml
index 3039a7289e..4a04d5b16c 100644
--- a/nuclei-templates/2023/CVE-2023-3510-c4f9bd6de437d1951b88bb16387538bb.yaml +++ b/nuclei-templates/2023/CVE-2023-3510-c4f9bd6de437d1951b88bb16387538bb.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a1e0d55-2894-450b-afaf-134a13512403?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2023-3510 metadata: fofa-query: "wp-content/plugins/ftp-access/" diff --git a/nuclei-templates/2023/CVE-2023-35776-4cd18c870dedf1d2b3c5b37336ccc704.yaml b/nuclei-templates/2023/CVE-2023-35776-4cd18c870dedf1d2b3c5b37336ccc704.yaml index a3d83717e6..c57e0d836c 100644 --- a/nuclei-templates/2023/CVE-2023-35776-4cd18c870dedf1d2b3c5b37336ccc704.yaml +++ b/nuclei-templates/2023/CVE-2023-35776-4cd18c870dedf1d2b3c5b37336ccc704.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-35776 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-35776-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-35776-1/" + fofa-query: "wp-content/plugins/sermone-online-sermons-management/" + google-query: inurl:"/wp-content/plugins/sermone-online-sermons-management/" shodan-query: 'vuln:CVE-2023-35776' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-35776-1,low + tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-35776-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/sermone-online-sermons-management/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-35776-1" + - "sermone-online-sermons-management" part: body - type: dsl 
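Review bot: The rewritten `tags:` line of CVE-2023-35776 still ends in `low` although the context line just above it gives `cvss-score: 6.4`, which is Medium on the CVSS v3.1 scale (4.0–6.9). A scan filtered by that tag, or by severity if the `severity:` field outside this hunk carries the same value, would leave the template out of a medium-and-above run. The same mismatch is visible in later hunks of this diff: CVE-2023-3650 (4.4), CVE-2023-41804 (6.4), CVE-2023-41805 (4.3) and CVE-2023-48275 (6.6). If the downgrade is deliberate for authenticated issues, a comment next to the tag should say so; otherwise the line should be `tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,medium`, with `severity:` kept in step.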
diff --git a/nuclei-templates/2023/CVE-2023-3650-67cc4822c2bc5c8275c778dd5e6f9197.yaml b/nuclei-templates/2023/CVE-2023-3650-67cc4822c2bc5c8275c778dd5e6f9197.yaml index 1326a14cc8..e57da01b10 100644 --- a/nuclei-templates/2023/CVE-2023-3650-67cc4822c2bc5c8275c778dd5e6f9197.yaml +++ b/nuclei-templates/2023/CVE-2023-3650-67cc4822c2bc5c8275c778dd5e6f9197.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2023-3650 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-3650-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-3650-1/" + fofa-query: "wp-content/plugins/bubble-menu/" + google-query: inurl:"/wp-content/plugins/bubble-menu/" shodan-query: 'vuln:CVE-2023-3650' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-3650-1,low + tags: cve,wordpress,wp-plugin,bubble-menu,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-3650-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/bubble-menu/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-3650-1" + - "bubble-menu" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-3814-0ff602ed74ccc25b85d340900f226cf6.yaml b/nuclei-templates/2023/CVE-2023-3814-0ff602ed74ccc25b85d340900f226cf6.yaml index 76a968a2d4..21d47bd809 100644 --- a/nuclei-templates/2023/CVE-2023-3814-0ff602ed74ccc25b85d340900f226cf6.yaml +++ b/nuclei-templates/2023/CVE-2023-3814-0ff602ed74ccc25b85d340900f226cf6.yaml @@ -2,7 +2,7 @@ id: CVE-2023-3814-0ff602ed74ccc25b85d340900f226cf6 info: name: > - Advanced File Manager <= 5.1 - Authenticated(Administrator+) Arbitrary File and Folder Access + Advanced File Manager <= 5.1 - Authenticated (Administrator+) Arbitrary File and Folder Access author: topscoder severity: low description: 
> diff --git a/nuclei-templates/2023/CVE-2023-40601-f1cf5c4b96a8b6c3f04d7d0c6daaab47.yaml b/nuclei-templates/2023/CVE-2023-40601-f1cf5c4b96a8b6c3f04d7d0c6daaab47.yaml index 6d3ef61cb2..8a5f12ee4c 100644 --- a/nuclei-templates/2023/CVE-2023-40601-f1cf5c4b96a8b6c3f04d7d0c6daaab47.yaml +++ b/nuclei-templates/2023/CVE-2023-40601-f1cf5c4b96a8b6c3f04d7d0c6daaab47.yaml @@ -2,11 +2,11 @@ id: CVE-2023-40601-f1cf5c4b96a8b6c3f04d7d0c6daaab47 info: name: > - Mortgage Calculator Estatik <= 2.0.7 - Unauthenticated Cross-Site Scripting + Mortgage Calculator Estatik <= 2.0.11 - Reflected Cross-Site Scripting author: topscoder - severity: high + severity: medium description: > - The Mortgage Calculator Estatik plugin for WordPress is vulnerable to Cross-Site Scripting via un unknown parameter in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb73e92b-b807-4406-b378-cef6cff9eb82?source=api-prod @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/estatik-mortgage-calculator/" google-query: inurl:"/wp-content/plugins/estatik-mortgage-calculator/" shodan-query: 'vuln:CVE-2023-40601' - tags: cve,wordpress,wp-plugin,estatik-mortgage-calculator,high + tags: cve,wordpress,wp-plugin,estatik-mortgage-calculator,medium http: - method: GET 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.0.7') \ No newline at end of file + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-41804-f4e4eda096d38172059c8e8a9795d570.yaml b/nuclei-templates/2023/CVE-2023-41804-f4e4eda096d38172059c8e8a9795d570.yaml index e1b441e04e..9c92c0ce90 100644 --- a/nuclei-templates/2023/CVE-2023-41804-f4e4eda096d38172059c8e8a9795d570.yaml +++ b/nuclei-templates/2023/CVE-2023-41804-f4e4eda096d38172059c8e8a9795d570.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-41804 metadata: - fofa-query: "wp-content/plugins/astra-sites/" - google-query: inurl:"/wp-content/plugins/astra-sites/" + fofa-query: "wp-content/plugins/astra-pro-sites/" + google-query: inurl:"/wp-content/plugins/astra-pro-sites/" shodan-query: 'vuln:CVE-2023-41804' - tags: cve,wordpress,wp-plugin,astra-sites,low + tags: cve,wordpress,wp-plugin,astra-pro-sites,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "astra-sites" + - "astra-pro-sites" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-41805-3e3ec6959c6d20404bb5433b541c84d5.yaml b/nuclei-templates/2023/CVE-2023-41805-3e3ec6959c6d20404bb5433b541c84d5.yaml index b016873913..f8beac3e74 100644 --- a/nuclei-templates/2023/CVE-2023-41805-3e3ec6959c6d20404bb5433b541c84d5.yaml +++ b/nuclei-templates/2023/CVE-2023-41805-3e3ec6959c6d20404bb5433b541c84d5.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2023-41805 metadata: - fofa-query: "wp-content/plugins/astra-sites/" - google-query: inurl:"/wp-content/plugins/astra-sites/" + fofa-query: "wp-content/plugins/astra-pro-sites/" + google-query: inurl:"/wp-content/plugins/astra-pro-sites/" shodan-query: 'vuln:CVE-2023-41805' - tags: cve,wordpress,wp-plugin,astra-sites,low + tags: cve,wordpress,wp-plugin,astra-pro-sites,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "astra-sites" + - "astra-pro-sites" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-41849-eef172f84c17516448142ed18f6105a2.yaml b/nuclei-templates/2023/CVE-2023-41849-eef172f84c17516448142ed18f6105a2.yaml index 59886f870b..9f37ca7556 100644 --- a/nuclei-templates/2023/CVE-2023-41849-eef172f84c17516448142ed18f6105a2.yaml +++ b/nuclei-templates/2023/CVE-2023-41849-eef172f84c17516448142ed18f6105a2.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8babc42a-c45c-423f-bd09-da7afb947691?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2023-41849 metadata: fofa-query: "wp-content/plugins/posts-like-dislike/" diff --git a/nuclei-templates/2023/CVE-2023-45602-12ce68415721e335388c92b42e6cfe0f.yaml b/nuclei-templates/2023/CVE-2023-45602-12ce68415721e335388c92b42e6cfe0f.yaml index 3229c5358d..80f7d3d1ab 100644 --- a/nuclei-templates/2023/CVE-2023-45602-12ce68415721e335388c92b42e6cfe0f.yaml +++ b/nuclei-templates/2023/CVE-2023-45602-12ce68415721e335388c92b42e6cfe0f.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-45602-12ce68415721e335388c92b42e6cfe0f info: name: > - Ebook Store <= 5.788 - Reflected Cross-Site Scripting + Ebook Store <= 5.8001 - Reflected Cross-Site Scripting author: topscoder severity: medium description: > - The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.788 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.788') \ No newline at end of file + - compare_versions(version, '<= 5.8001') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-45631-141b8d3c01bf44b5a9254296f2b9a19e.yaml b/nuclei-templates/2023/CVE-2023-45631-141b8d3c01bf44b5a9254296f2b9a19e.yaml index 1aa04ff788..771d444263 100644 --- a/nuclei-templates/2023/CVE-2023-45631-141b8d3c01bf44b5a9254296f2b9a19e.yaml +++ b/nuclei-templates/2023/CVE-2023-45631-141b8d3c01bf44b5a9254296f2b9a19e.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to e.g. create galleries, delete galleries, rename albums, delete albums, and more. + The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to e.g. create galleries, delete galleries, rename albums, delete albums, and more. CVE-2024-37542 may be a duplicate of this. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb08cf02-4766-4093-9306-3b4581f54f77?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-45830-a66867b51a5c6217bf179b499ba90aa6.yaml b/nuclei-templates/2023/CVE-2023-45830-a66867b51a5c6217bf179b499ba90aa6.yaml index 4bfaa5a6f5..f6a135afeb 100644 --- a/nuclei-templates/2023/CVE-2023-45830-a66867b51a5c6217bf179b499ba90aa6.yaml +++ b/nuclei-templates/2023/CVE-2023-45830-a66867b51a5c6217bf179b499ba90aa6.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/10590944-e08e-4980-846d-7a88880b2dcd?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2023-45830 metadata: fofa-query: "wp-content/plugins/online-accessibility/" 
diff --git a/nuclei-templates/2023/CVE-2023-47525-9cc2fbca420d58725b7ce929efe5757b.yaml b/nuclei-templates/2023/CVE-2023-47525-9cc2fbca420d58725b7ce929efe5757b.yaml
index 90f7542c3c..327d7ed3f4 100644
--- a/nuclei-templates/2023/CVE-2023-47525-9cc2fbca420d58725b7ce929efe5757b.yaml
+++ b/nuclei-templates/2023/CVE-2023-47525-9cc2fbca420d58725b7ce929efe5757b.yaml
@@ -2,11 +2,11 @@ id: CVE-2023-47525-9cc2fbca420d58725b7ce929efe5757b info: name: > - Event Management Tickets Booking <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + Event Management Tickets Booking <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings author: topscoder severity: low description: > - The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4f2317-945e-4fd8-8a0b-981b88a8412c?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.6') \ No newline at end of file + - compare_versions(version, '<= 1.4.5') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-47658-7e7c7e943b518f1210442c25aac740a3.yaml b/nuclei-templates/2023/CVE-2023-47658-7e7c7e943b518f1210442c25aac740a3.yaml index ad7ae3eeb4..98007bf02e 100644 --- a/nuclei-templates/2023/CVE-2023-47658-7e7c7e943b518f1210442c25aac740a3.yaml +++ b/nuclei-templates/2023/CVE-2023-47658-7e7c7e943b518f1210442c25aac740a3.yaml @@ -2,11 +2,11 @@ id: CVE-2023-47658-7e7c7e943b518f1210442c25aac740a3 info: name: > - Extra Product Options for WooCommerce <= 3.0.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings + Extra Product Options for WooCommerce <= 3.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings author: topscoder severity: low description: > - The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/393a856e-dc13-4fb6-8ff3-5880631953c4?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.0.3') \ No newline at end of file + - compare_versions(version, '<= 3.0.8') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-48275-760f8da091e44108d133b8f5be6cd02b.yaml b/nuclei-templates/2023/CVE-2023-48275-760f8da091e44108d133b8f5be6cd02b.yaml index da3b0fe8f0..7c3131d786 100644 --- a/nuclei-templates/2023/CVE-2023-48275-760f8da091e44108d133b8f5be6cd02b.yaml +++ b/nuclei-templates/2023/CVE-2023-48275-760f8da091e44108d133b8f5be6cd02b.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.6 cve-id: CVE-2023-48275 metadata: - fofa-query: "wp-content/plugins/widgets-for-alibaba-reviews/" - google-query: inurl:"/wp-content/plugins/widgets-for-alibaba-reviews/" + fofa-query: "wp-content/plugins/widgets-for-sourceforge-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-sourceforge-reviews/" shodan-query: 'vuln:CVE-2023-48275' - tags: cve,wordpress,wp-plugin,widgets-for-alibaba-reviews,low + tags: cve,wordpress,wp-plugin,widgets-for-sourceforge-reviews,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/widgets-for-alibaba-reviews/readme.txt" + - "{{BaseURL}}/wp-content/plugins/widgets-for-sourceforge-reviews/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "widgets-for-alibaba-reviews" + - "widgets-for-sourceforge-reviews" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-48283-610c57d08e0b04d028e4596dae7baa82.yaml b/nuclei-templates/2023/CVE-2023-48283-610c57d08e0b04d028e4596dae7baa82.yaml index a06d8cfced..0ca9cd67ab 100644 --- a/nuclei-templates/2023/CVE-2023-48283-610c57d08e0b04d028e4596dae7baa82.yaml +++ b/nuclei-templates/2023/CVE-2023-48283-610c57d08e0b04d028e4596dae7baa82.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-48283-610c57d08e0b04d028e4596dae7baa82 info: name: > - Simple Testimonials Showcase <= 1.1.5 - Cross-Site Request Forgery + Simple Testimonials Showcase <= 1.1.6 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the sts_save_settings() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Simple Testimonials Showcase plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the sts_save_settings() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6008237-e4a8-4757-ae14-ac20c6f1b0af?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.5') \ No newline at end of file + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-4841-ca813ecbb8d4a1637a5d3486fc2981b0.yaml b/nuclei-templates/2023/CVE-2023-4841-ca813ecbb8d4a1637a5d3486fc2981b0.yaml index 5390d77044..dc948ac901 100644 --- a/nuclei-templates/2023/CVE-2023-4841-ca813ecbb8d4a1637a5d3486fc2981b0.yaml +++ b/nuclei-templates/2023/CVE-2023-4841-ca813ecbb8d4a1637a5d3486fc2981b0.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/376e2638-a873-4142-ad7d-067ae3333709?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-4887-36777ab8285670b9fc307515de8ca6cb.yaml b/nuclei-templates/2023/CVE-2023-4887-36777ab8285670b9fc307515de8ca6cb.yaml index 57dbe13632..e6fde2b15b 100644 --- a/nuclei-templates/2023/CVE-2023-4887-36777ab8285670b9fc307515de8ca6cb.yaml +++ b/nuclei-templates/2023/CVE-2023-4887-36777ab8285670b9fc307515de8ca6cb.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Google Maps Plugin by Intergeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-4890-49b654fa431717914ac4bb4568cd207b.yaml b/nuclei-templates/2023/CVE-2023-4890-49b654fa431717914ac4bb4568cd207b.yaml index f93b397b00..cff48d900e 100644 --- a/nuclei-templates/2023/CVE-2023-4890-49b654fa431717914ac4bb4568cd207b.yaml +++ b/nuclei-templates/2023/CVE-2023-4890-49b654fa431717914ac4bb4568cd207b.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The JQuery Accordion Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-49162-8e57439d85689e03a3744c8d9efc5f5f.yaml b/nuclei-templates/2023/CVE-2023-49162-8e57439d85689e03a3744c8d9efc5f5f.yaml index 59481c9e4a..1adc618cce 100644 --- a/nuclei-templates/2023/CVE-2023-49162-8e57439d85689e03a3744c8d9efc5f5f.yaml +++ b/nuclei-templates/2023/CVE-2023-49162-8e57439d85689e03a3744c8d9efc5f5f.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-49162-8e57439d85689e03a3744c8d9efc5f5f info: name: > - BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure + BigCommerce <= 5.1.1 - Unauthenticated Sensitive Information Exposure author: topscoder severity: medium description: > - The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data. + The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to extract sensitive data. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.0.7') \ No newline at end of file + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-4944-4c7d98f9eca14954af0bf2c4b2541a44.yaml b/nuclei-templates/2023/CVE-2023-4944-4c7d98f9eca14954af0bf2c4b2541a44.yaml index 9839a09766..0dada5fbde 100644 --- a/nuclei-templates/2023/CVE-2023-4944-4c7d98f9eca14954af0bf2c4b2541a44.yaml +++ b/nuclei-templates/2023/CVE-2023-4944-4c7d98f9eca14954af0bf2c4b2541a44.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Awesome Weather Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf77988-370b-437f-83a0-18a147e3e087?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-4963-52eebc87ac5482b9d4df9e8e40f2a2bf.yaml b/nuclei-templates/2023/CVE-2023-4963-52eebc87ac5482b9d4df9e8e40f2a2bf.yaml index 73df0f2f68..a5a9543125 100644 --- a/nuclei-templates/2023/CVE-2023-4963-52eebc87ac5482b9d4df9e8e40f2a2bf.yaml +++ b/nuclei-templates/2023/CVE-2023-4963-52eebc87ac5482b9d4df9e8e40f2a2bf.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-49838-ae68fd3be626b22f857eaf47bca1e955.yaml b/nuclei-templates/2023/CVE-2023-49838-ae68fd3be626b22f857eaf47bca1e955.yaml index 7ba9969506..75d513ff72 100644 --- a/nuclei-templates/2023/CVE-2023-49838-ae68fd3be626b22f857eaf47bca1e955.yaml +++ b/nuclei-templates/2023/CVE-2023-49838-ae68fd3be626b22f857eaf47bca1e955.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2023-49838 metadata: - fofa-query: "wp-content/themes/medibazar/" - google-query: inurl:"/wp-content/themes/medibazar/" + fofa-query: "wp-content/themes/partdo/" + google-query: inurl:"/wp-content/themes/partdo/" shodan-query: 'vuln:CVE-2023-49838' - tags: cve,wordpress,wp-theme,medibazar,medium + tags: cve,wordpress,wp-theme,partdo,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/medibazar/style.css" + - "{{BaseURL}}/wp-content/themes/partdo/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "medibazar" + - "partdo" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.8.6') \ No newline at end of file + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-49839-8c8bf7fd6cab82b7ccd552d79e1db625.yaml b/nuclei-templates/2023/CVE-2023-49839-8c8bf7fd6cab82b7ccd552d79e1db625.yaml index d53bf1221d..ca7361fe6b 100644 --- a/nuclei-templates/2023/CVE-2023-49839-8c8bf7fd6cab82b7ccd552d79e1db625.yaml +++ b/nuclei-templates/2023/CVE-2023-49839-8c8bf7fd6cab82b7ccd552d79e1db625.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-49839 metadata: - fofa-query: "wp-content/plugins/cosmetsy-core/" - google-query: inurl:"/wp-content/plugins/cosmetsy-core/" + fofa-query: "wp-content/plugins/furnob-core/" + google-query: inurl:"/wp-content/plugins/furnob-core/" shodan-query: 'vuln:CVE-2023-49839' - tags: cve,wordpress,wp-plugin,cosmetsy-core,medium + tags: cve,wordpress,wp-plugin,furnob-core,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cosmetsy-core/readme.txt" + - "{{BaseURL}}/wp-content/plugins/furnob-core/readme.txt" extractors: - type: regex 
@@ -51,9 +51,9 @@ http: - type: word words: - - "cosmetsy-core" + - "furnob-core" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.3.0') \ No newline at end of file + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-49853-e5a1dccb35e87a344b3f57504f7a4d63.yaml b/nuclei-templates/2023/CVE-2023-49853-e5a1dccb35e87a344b3f57504f7a4d63.yaml index 0a72c83f91..8e9bacc24d 100644 --- a/nuclei-templates/2023/CVE-2023-49853-e5a1dccb35e87a344b3f57504f7a4d63.yaml +++ b/nuclei-templates/2023/CVE-2023-49853-e5a1dccb35e87a344b3f57504f7a4d63.yaml @@ -2,11 +2,11 @@ id: CVE-2023-49853-e5a1dccb35e87a344b3f57504f7a4d63 info: name: > - PayTR Taksit Tablosu <= 1.3.1 - Improper Authorization + PayTR Taksit Tablosu <= 1.3.2 - Improper Authorization author: topscoder severity: medium description: > - The PayTR Taksit Tablosu plugin for WordPress is vulnerable to improper authorization in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. + The PayTR Taksit Tablosu plugin for WordPress is vulnerable to improper authorization in versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5898944f-565c-4950-83e8-ad0de0f948d1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.1') \ No newline at end of file + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-5001-b11be9f50998edc39a9a86bb324599c8.yaml b/nuclei-templates/2023/CVE-2023-5001-b11be9f50998edc39a9a86bb324599c8.yaml index d693a7e688..f05df65cfd 100644 --- a/nuclei-templates/2023/CVE-2023-5001-b11be9f50998edc39a9a86bb324599c8.yaml 
+++ b/nuclei-templates/2023/CVE-2023-5001-b11be9f50998edc39a9a86bb324599c8.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Horizontal scrolling announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-50377-0b3d223d9c433b1b02a0f35f86f2c67c.yaml b/nuclei-templates/2023/CVE-2023-50377-0b3d223d9c433b1b02a0f35f86f2c67c.yaml index a46d334cb8..84f7f6b321 100644 --- a/nuclei-templates/2023/CVE-2023-50377-0b3d223d9c433b1b02a0f35f86f2c67c.yaml +++ b/nuclei-templates/2023/CVE-2023-50377-0b3d223d9c433b1b02a0f35f86f2c67c.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-50377-0b3d223d9c433b1b02a0f35f86f2c67c info: name: > - Simple Counter <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + Simple Counter <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings author: topscoder severity: low description: > - The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb4eb28a-3dd5-4d8d-bef0-53cee7285180?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.2') \ No newline at end of file + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-50889-a55e3dddbda8af17d5f3b44ddcb94684.yaml b/nuclei-templates/2023/CVE-2023-50889-a55e3dddbda8af17d5f3b44ddcb94684.yaml index 4bf83b1b04..5ecc89624f 100644 --- a/nuclei-templates/2023/CVE-2023-50889-a55e3dddbda8af17d5f3b44ddcb94684.yaml 
+++ b/nuclei-templates/2023/CVE-2023-50889-a55e3dddbda8af17d5f3b44ddcb94684.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13c7a1-f904-41b1-ab7f-2df95c9b2880?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2023-50889 metadata: fofa-query: "wp-content/plugins/beaver-builder-lite-version/" diff --git a/nuclei-templates/2023/CVE-2023-50890-aa376aae510c39a36baec69a6468b0f5.yaml b/nuclei-templates/2023/CVE-2023-50890-aa376aae510c39a36baec69a6468b0f5.yaml index a10924fa56..e5e9b24b72 100644 --- a/nuclei-templates/2023/CVE-2023-50890-aa376aae510c39a36baec69a6468b0f5.yaml +++ b/nuclei-templates/2023/CVE-2023-50890-aa376aae510c39a36baec69a6468b0f5.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Ultimate Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.36.20. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites. + The Ultimate Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.36.20. This makes it possible for authenticated attackers, with contributor-level access and above, to register as an administrator on vulnerable sites. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4b35ef-99ae-4ef9-8618-f9993306521b?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-52192-53cce7a940cf79bef7a87c2b237de615.yaml b/nuclei-templates/2023/CVE-2023-52192-53cce7a940cf79bef7a87c2b237de615.yaml index 10f59d212b..ecdebef010 100644 --- a/nuclei-templates/2023/CVE-2023-52192-53cce7a940cf79bef7a87c2b237de615.yaml 
+++ b/nuclei-templates/2023/CVE-2023-52192-53cce7a940cf79bef7a87c2b237de615.yaml @@ -2,11 +2,11 @@ id: CVE-2023-52192-53cce7a940cf79bef7a87c2b237de615 info: name: > - Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + Keap Official Opt-in Forms <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a0f1006-8015-4e67-9b03-16d3ad3c0e77?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.11') \ No newline at end of file + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-5386-bd4cbaece0c1c641bb61c612b9f607ff.yaml b/nuclei-templates/2023/CVE-2023-5386-bd4cbaece0c1c641bb61c612b9f607ff.yaml index 667f4041dc..b4f0f66dbc 100644 --- a/nuclei-templates/2023/CVE-2023-5386-bd4cbaece0c1c641bb61c612b9f607ff.yaml +++ b/nuclei-templates/2023/CVE-2023-5386-bd4cbaece0c1c641bb61c612b9f607ff.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin. + The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin. CVE-2023-5990 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=api-prod diff --git a/nuclei-templates/2023/CVE-2023-5424-1e5f4c6ba714628c07cbc1e0947d1b83.yaml b/nuclei-templates/2023/CVE-2023-5424-1e5f4c6ba714628c07cbc1e0947d1b83.yaml index 4a0f96ba91..7971de2793 100644 --- a/nuclei-templates/2023/CVE-2023-5424-1e5f4c6ba714628c07cbc1e0947d1b83.yaml +++ b/nuclei-templates/2023/CVE-2023-5424-1e5f4c6ba714628c07cbc1e0947d1b83.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.7 cve-id: CVE-2023-5424 metadata: - fofa-query: "wp-content/plugins/ws-form/" - google-query: inurl:"/wp-content/plugins/ws-form/" + fofa-query: "wp-content/plugins/ws-form-pro/" + google-query: inurl:"/wp-content/plugins/ws-form-pro/" shodan-query: 'vuln:CVE-2023-5424' - tags: cve,wordpress,wp-plugin,ws-form,medium + tags: cve,wordpress,wp-plugin,ws-form-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "ws-form" + - "ws-form-pro" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-5530-4fb1fb524fb52deebe06cbf39a1fff54.yaml b/nuclei-templates/2023/CVE-2023-5530-4fb1fb524fb52deebe06cbf39a1fff54.yaml index f69df6f1f0..90e51fb182 100644 --- a/nuclei-templates/2023/CVE-2023-5530-4fb1fb524fb52deebe06cbf39a1fff54.yaml +++ b/nuclei-templates/2023/CVE-2023-5530-4fb1fb524fb52deebe06cbf39a1fff54.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2023-5530 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-5530-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-5530-1/" + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" shodan-query: 'vuln:CVE-2023-5530' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-5530-1,low + tags: cve,wordpress,wp-plugin,ninja-forms,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-5530-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-5530-1" + - "ninja-forms" part: body - type: dsl 
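Review bot: The rewritten `tags:` line of the CVE-2023-5530 template still ends in `low` although the context line above it gives `cvss-score: 4.4`, which is Medium on the CVSS v3.1 scale (4.0-6.9), so a scan filtered by severity or tag can silently drop the finding. The line should read `tags: cve,wordpress,wp-plugin,ninja-forms,medium`, and the `severity:` field, which is outside this hunk, should be checked to match. The same mismatch shows later in this diff: CVE-2023-6485 keeps `severity: low` while its score is raised to 6.4, the new CVE-2023-6591 template pairs `severity: low` with `cvss-score: 6.6`, and CVE-2023-6701 is tagged `low` at 6.4. The score-only hunks for CVE-2023-50889, CVE-2023-5644 and CVE-2023-5651 do not show their severity lines, so those are worth checking as well.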
diff --git a/nuclei-templates/2023/CVE-2023-5644-c9f9d61749c93112bad038b7c60fe5de.yaml b/nuclei-templates/2023/CVE-2023-5644-c9f9d61749c93112bad038b7c60fe5de.yaml index 6315e8b92c..ab35385d13 100644 --- a/nuclei-templates/2023/CVE-2023-5644-c9f9d61749c93112bad038b7c60fe5de.yaml +++ b/nuclei-templates/2023/CVE-2023-5644-c9f9d61749c93112bad038b7c60fe5de.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf169c9c-26f6-4af7-926e-1be34e638fd6?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2023-5644 metadata: fofa-query: "wp-content/plugins/wp-mail-log/" diff --git a/nuclei-templates/2023/CVE-2023-5651-50a9d81fe2a1e494afee567803f4d4d5.yaml b/nuclei-templates/2023/CVE-2023-5651-50a9d81fe2a1e494afee567803f4d4d5.yaml index 6291910dc1..e0ce89f52f 100644 --- a/nuclei-templates/2023/CVE-2023-5651-50a9d81fe2a1e494afee567803f4d4d5.yaml +++ b/nuclei-templates/2023/CVE-2023-5651-50a9d81fe2a1e494afee567803f4d4d5.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0439d2ee-7742-4aa7-ba4e-db55c6b2718e?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N + cvss-score: 6.5 cve-id: CVE-2023-5651 metadata: fofa-query: "wp-content/plugins/wp-hotel-booking/" diff --git a/nuclei-templates/2023/CVE-2023-6266-6af625a8bfe3a26ad484ffa064b6aa2a.yaml b/nuclei-templates/2023/CVE-2023-6266-6af625a8bfe3a26ad484ffa064b6aa2a.yaml index 28583e0b4b..81e9619637 100644 --- a/nuclei-templates/2023/CVE-2023-6266-6af625a8bfe3a26ad484ffa064b6aa2a.yaml +++ b/nuclei-templates/2023/CVE-2023-6266-6af625a8bfe3a26ad484ffa064b6aa2a.yaml 
@@ -2,7 +2,7 @@ id: CVE-2023-6266-6af625a8bfe3a26ad484ffa064b6aa2a info: name: > - Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure + Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure author: topscoder severity: high description: > diff --git a/nuclei-templates/2023/CVE-2023-6279-90b7b4f51c6be2130f0fc246b2a1229e.yaml b/nuclei-templates/2023/CVE-2023-6279-90b7b4f51c6be2130f0fc246b2a1229e.yaml index 93b4c7970a..2fd533e158 100644 --- a/nuclei-templates/2023/CVE-2023-6279-90b7b4f51c6be2130f0fc246b2a1229e.yaml +++ b/nuclei-templates/2023/CVE-2023-6279-90b7b4f51c6be2130f0fc246b2a1229e.yaml @@ -2,11 +2,11 @@ id: CVE-2023-6279-90b7b4f51c6be2130f0fc246b2a1229e info: name: > - Woostify Sites Library + Woostify Sites Library <= 1.4.7 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update author: topscoder severity: low description: > - The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name + The Woostify Sites Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'woostify_sites_child_theme' in all versions up to, and including, 1.4.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to 'activated' which can lead to a denial of service. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/977ab23a-06b2-4f54-a2c2-3be2316eaceb?source=api-prod 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '< 1.4.8') \ No newline at end of file + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-6485-f2bc9dec6e5feb540146aa939e4017a6.yaml b/nuclei-templates/2023/CVE-2023-6485-f2bc9dec6e5feb540146aa939e4017a6.yaml index f52ad89fa1..aa49f3fa75 100644 --- a/nuclei-templates/2023/CVE-2023-6485-f2bc9dec6e5feb540146aa939e4017a6.yaml +++ b/nuclei-templates/2023/CVE-2023-6485-f2bc9dec6e5feb540146aa939e4017a6.yaml 
@@ -2,17 +2,17 @@ id: CVE-2023-6485-f2bc9dec6e5feb540146aa939e4017a6 info: name: > - Html5 Video Player <= 2.5.18 - Authenticated (Admin+) Stored Cross-Site Scripting + Html5 Video Player <= 2.5.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Html5 Video Player – mp4 player, Video Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Html5 Video Player – mp4 player, Video Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 4.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2023-6485 metadata: fofa-query: "wp-content/plugins/html5-video-player/" diff --git a/nuclei-templates/2023/CVE-2023-6591-90a20a0e401eb5a95f58ac10f21b5d25.yaml b/nuclei-templates/2023/CVE-2023-6591-90a20a0e401eb5a95f58ac10f21b5d25.yaml new file mode 100644 index 0000000000..5bc8abeebe --- /dev/null 
+++ b/nuclei-templates/2023/CVE-2023-6591-90a20a0e401eb5a95f58ac10f21b5d25.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2023-6591-90a20a0e401eb5a95f58ac10f21b5d25 + +info: + name: > + Popup Box Business (7.0.0 - 7.9.0) and Developer (20.0.0 - 20.9.0) - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Popup Box Business and Developer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 20.0.0 to 20.9.0 (Developer) and versions 7.0.0 to 7.9.0 (Business) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Please note this affects the premium version of the plugin despite the shared slug. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N + cvss-score: 6.6 + cve-id: CVE-2023-6591 + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:CVE-2023-6591' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.0.0', '< 7.9.0') 
\ No newline at end of file
diff --git a/nuclei-templates/2023/CVE-2023-6591-921b65555f0a73970561ef60d406e91d.yaml b/nuclei-templates/2023/CVE-2023-6591-921b65555f0a73970561ef60d406e91d.yaml
index 4d7727770a..b3dde903f2 100644
--- a/nuclei-templates/2023/CVE-2023-6591-921b65555f0a73970561ef60d406e91d.yaml
+++ b/nuclei-templates/2023/CVE-2023-6591-921b65555f0a73970561ef60d406e91d.yaml
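Review bot: In the new CVE-2023-6591-90a20a0e401eb5a95f58ac10f21b5d25 template the matcher `compare_versions(version, '>= 7.0.0', '< 7.9.0')` excludes 7.9.0, while the name and description give the Business range as "7.0.0 - 7.9.0", which reads as inclusive. If the advisory's upper bound is inclusive the matcher should be `compare_versions(version, '>= 7.0.0', '<= 7.9.0')`, and the sibling 921b65555f0a73970561ef60d406e91d template needs the same change for `'< 20.9.0'`; if it is exclusive, the name and description should say so, as the earlier title `< 20.9.0` did. The description also says the premium plugin shares the `ays-popup-box` slug with the free one, so the result rests only on the `Stable tag` value in readme.txt; a comment such as `# version-string match only; slug is shared with the free plugin, confirm the edition before triage` above the `dsl` matcher would keep that visible to whoever handles the finding.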
@@ -2,11 +2,11 @@ id: CVE-2023-6591-921b65555f0a73970561ef60d406e91d info: name: > - Popup Box Pro < 20.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting + Popup Box Business (7.0.0 - 7.9.0) and Developer (20.0.0 - 20.9.0) - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 20.9.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Please note this affects the premium version of the plugin despite the shared slug. + The Popup Box Business and Developer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 20.0.0 to 20.9.0 (Developer) and versions 7.0.0 to 7.9.0 (Business) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Please note this affects the premium version of the plugin despite the shared slug. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '>= 7.0.0', '< 20.9.0') \ No newline at end of file + - compare_versions(version, '>= 20.0.0', '< 20.9.0') \ No newline at end of file 
diff --git a/nuclei-templates/2023/CVE-2023-6701-01dd246392502be67b31ec8a1f7b3525.yaml b/nuclei-templates/2023/CVE-2023-6701-01dd246392502be67b31ec8a1f7b3525.yaml index deedada3f8..b7383c7ce8 100644 --- a/nuclei-templates/2023/CVE-2023-6701-01dd246392502be67b31ec8a1f7b3525.yaml +++ b/nuclei-templates/2023/CVE-2023-6701-01dd246392502be67b31ec8a1f7b3525.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2023-6701 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2023-6701' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2023/CVE-2023-6969-7d5808851d5edbe9ac3a7e2b3e116895.yaml b/nuclei-templates/2023/CVE-2023-6969-7d5808851d5edbe9ac3a7e2b3e116895.yaml index 8075fadb84..d846f272d2 100644 --- a/nuclei-templates/2023/CVE-2023-6969-7d5808851d5edbe9ac3a7e2b3e116895.yaml +++ b/nuclei-templates/2023/CVE-2023-6969-7d5808851d5edbe9ac3a7e2b3e116895.yaml 
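Review bot: The `word` matcher in the second CVE-2023-6701 hunk now requires the literal string `advanced-custom-fields-pro` in the body of `readme.txt`, but a plugin readme is not guaranteed to contain its own directory slug. An affected install could therefore pass the status and version conditions and still be missed; this should be confirmed against a real readme for the slug. Since the request path already pins the slug, a marker every readme carries, e.g. `- "Stable tag:"`, would be a safer second condition. The same slug-as-word pattern appears in the CVE-2024-0427, CVE-2024-10048, CVE-2024-10097, CVE-2024-1061 and CVE-2024-10924 hunks of this commit. The matcher list starts and ends outside the hunk, so the remaining conditions are only partly visible.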
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2023-6969 metadata: fofa-query: "wp-content/plugins/user-shortcodes-plus/" diff --git a/nuclei-templates/2023/CVE-2023-6994-98447c1fc5911db1ca768c6539dabaf3.yaml b/nuclei-templates/2023/CVE-2023-6994-98447c1fc5911db1ca768c6539dabaf3.yaml index 6b4b75bb71..d1257f16b0 100644 --- a/nuclei-templates/2023/CVE-2023-6994-98447c1fc5911db1ca768c6539dabaf3.yaml +++ b/nuclei-templates/2023/CVE-2023-6994-98447c1fc5911db1ca768c6539dabaf3.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2023-6994 metadata: fofa-query: "wp-content/plugins/list-category-posts/" diff --git a/nuclei-templates/2023/CVE-2023-7064-041c0e6f8555b021d4ff49207132b6b3.yaml b/nuclei-templates/2023/CVE-2023-7064-041c0e6f8555b021d4ff49207132b6b3.yaml index 80910f1555..c31b4f6280 100644 --- a/nuclei-templates/2023/CVE-2023-7064-041c0e6f8555b021d4ff49207132b6b3.yaml +++ b/nuclei-templates/2023/CVE-2023-7064-041c0e6f8555b021d4ff49207132b6b3.yaml 
@@ -2,11 +2,11 @@ id: CVE-2023-7064-041c0e6f8555b021d4ff49207132b6b3 info: name: > - Shortcodes and extra features for Phlox theme <= 2.15.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer + Shortcodes and extra features for Phlox theme <= 2.16.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer author: topscoder severity: low description: > - The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.16.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 
reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.15.2') \ No newline at end of file + - compare_versions(version, '<= 2.16.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-7246-b96b09ae04ea20d9d42912359eae1134.yaml b/nuclei-templates/2023/CVE-2023-7246-b96b09ae04ea20d9d42912359eae1134.yaml index 5455fe8dda..b97fe26cce 100644 --- a/nuclei-templates/2023/CVE-2023-7246-b96b09ae04ea20d9d42912359eae1134.yaml +++ b/nuclei-templates/2023/CVE-2023-7246-b96b09ae04ea20d9d42912359eae1134.yaml 
@@ -2,23 +2,23 @@ id: CVE-2023-7246-b96b09ae04ea20d9d42912359eae1134 info: name: > - System Dashboard <= 2.8.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + System Dashboard <= 2.8.9 - Reflected Cross-Site Scripting via X-Forwarded-For author: topscoder - severity: low + severity: medium description: > - The System Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 2.8.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'X-Forwarded-For' header in all versions up to, and including, 2.8.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b9e53e-d2d3-40a0-adba-f489343c6ee6?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 4.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-7246 metadata: fofa-query: "wp-content/plugins/system-dashboard/" google-query: inurl:"/wp-content/plugins/system-dashboard/" shodan-query: 'vuln:CVE-2023-7246' - tags: cve,wordpress,wp-plugin,system-dashboard,low + tags: cve,wordpress,wp-plugin,system-dashboard,medium http: - method: GET 
diff --git a/nuclei-templates/2024/CVE-2024-0427-231dd63c0377305c06149c383a6fd42b.yaml b/nuclei-templates/2024/CVE-2024-0427-231dd63c0377305c06149c383a6fd42b.yaml index a692ded494..20a650cb65 100644 --- a/nuclei-templates/2024/CVE-2024-0427-231dd63c0377305c06149c383a6fd42b.yaml +++ b/nuclei-templates/2024/CVE-2024-0427-231dd63c0377305c06149c383a6fd42b.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-0427 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-4620-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-4620-1/" + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" shodan-query: 'vuln:CVE-2024-0427' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-4620-1,medium + tags: cve,wordpress,wp-plugin,arforms,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2024-4620-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2024-4620-1" + - "arforms" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-0586-b3520de13700aa4194262e1b5a1a238e.yaml b/nuclei-templates/2024/CVE-2024-0586-b3520de13700aa4194262e1b5a1a238e.yaml index 94d25519f1..80d6fe6168 100644 --- a/nuclei-templates/2024/CVE-2024-0586-b3520de13700aa4194262e1b5a1a238e.yaml +++ b/nuclei-templates/2024/CVE-2024-0586-b3520de13700aa4194262e1b5a1a238e.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-0586 metadata: fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" 
diff --git a/nuclei-templates/2024/CVE-2024-0595-0d55e389b57053bf3df288270c74c4b4.yaml b/nuclei-templates/2024/CVE-2024-0595-0d55e389b57053bf3df288270c74c4b4.yaml index 641448a825..097bbdafef 100644 --- a/nuclei-templates/2024/CVE-2024-0595-0d55e389b57053bf3df288270c74c4b4.yaml +++ b/nuclei-templates/2024/CVE-2024-0595-0d55e389b57053bf3df288270c74c4b4.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. + The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. CVE-2024-35741 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-0596-50b54588a944eabbdf7699eb9eeceefa.yaml b/nuclei-templates/2024/CVE-2024-0596-50b54588a944eabbdf7699eb9eeceefa.yaml index 8c40e54a95..43d28be638 100644 --- a/nuclei-templates/2024/CVE-2024-0596-50b54588a944eabbdf7699eb9eeceefa.yaml +++ b/nuclei-templates/2024/CVE-2024-0596-50b54588a944eabbdf7699eb9eeceefa.yaml 
@@ -6,12 +6,12 @@ info: author: topscoder severity: low description: > - The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. + The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. CVE-2024-35741 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-0596 metadata: diff --git a/nuclei-templates/2024/CVE-2024-10011-eefe8c0c540af6a79376e37c4cbbfad9.yaml b/nuclei-templates/2024/CVE-2024-10011-eefe8c0c540af6a79376e37c4cbbfad9.yaml index 71ad5b93b5..1202f41d6f 100644 --- a/nuclei-templates/2024/CVE-2024-10011-eefe8c0c540af6a79376e37c4cbbfad9.yaml +++ b/nuclei-templates/2024/CVE-2024-10011-eefe8c0c540af6a79376e37c4cbbfad9.yaml 
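Review bot: The corrected `cvss-metrics` line for CVE-2024-0596 still carries `PR:N`, although the description on the new side says the issue needs "authenticated attackers, with subscriber-level access and above". Other templates in this commit had their vectors moved from `PR:N` to `PR:L`, and CVE-2023-6969 ends up with exactly the vector that would apply here. If the advisory agrees, the lines would read `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` and `cvss-score: 4.3`. Otherwise a short comment that the vector is copied verbatim from the source would stop the mismatch being re-reported. The `classification` block continues outside the hunk.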
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows. + The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10048-b98a29a036ced771c9bb009b9895710a.yaml b/nuclei-templates/2024/CVE-2024-10048-b98a29a036ced771c9bb009b9895710a.yaml index 78a0b94339..9c00947064 100644 --- a/nuclei-templates/2024/CVE-2024-10048-b98a29a036ced771c9bb009b9895710a.yaml +++ b/nuclei-templates/2024/CVE-2024-10048-b98a29a036ced771c9bb009b9895710a.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-10048 metadata: - fofa-query: "wp-content/plugins/post-status-notifier/" - google-query: inurl:"/wp-content/plugins/post-status-notifier/" + fofa-query: "wp-content/plugins/post-status-notifier-lite/" + google-query: inurl:"/wp-content/plugins/post-status-notifier-lite/" shodan-query: 'vuln:CVE-2024-10048' - tags: cve,wordpress,wp-plugin,post-status-notifier,medium + tags: cve,wordpress,wp-plugin,post-status-notifier-lite,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/post-status-notifier/readme.txt" + - "{{BaseURL}}/wp-content/plugins/post-status-notifier-lite/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "post-status-notifier" + - "post-status-notifier-lite" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml b/nuclei-templates/2024/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml index a0b9248e03..29597beab0 100644 --- a/nuclei-templates/2024/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml +++ b/nuclei-templates/2024/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-49281 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c13600-0791-4ade-9c28-f43f164aedae?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml b/nuclei-templates/2024/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml index 002cb7c8d1..f47758dbbb 100644 --- a/nuclei-templates/2024/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml +++ b/nuclei-templates/2024/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L + cvss-score: 6.3 cve-id: CVE-2024-10078 metadata: fofa-query: "wp-content/plugins/easy-post-types/" diff --git a/nuclei-templates/2024/CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec.yaml b/nuclei-templates/2024/CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec.yaml index 822177765d..6299d607ff 100644 --- a/nuclei-templates/2024/CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec.yaml +++ b/nuclei-templates/2024/CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.1 cve-id: CVE-2024-10097 metadata: - fofa-query: "wp-content/plugins/loginizer-security/" - google-query: inurl:"/wp-content/plugins/loginizer-security/" + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" shodan-query: 'vuln:CVE-2024-10097' - tags: cve,wordpress,wp-plugin,loginizer-security,critical + tags: cve,wordpress,wp-plugin,loginizer,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/loginizer-security/readme.txt" + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "loginizer-security" + - "loginizer" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202.yaml b/nuclei-templates/2024/CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202.yaml index 6749338cd2..4c057a56d5 100644 --- a/nuclei-templates/2024/CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202.yaml +++ b/nuclei-templates/2024/CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202.yaml 
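Review bot: In the CVE-2024-10097 hunk the rewritten `tags` line keeps `critical` next to `cvss-score: 8.1`, which is High on the CVSS v3.1 scale (Critical starts at 9.0). Anyone filtering scan results by severity tag will triage this finding in the wrong bucket. If the tag is meant to follow the CVSS score, it should read `tags: cve,wordpress,wp-plugin,loginizer,high`, and the `severity` field, which lies outside the hunk, should be checked to match. CVE-2024-1061 later in this commit shows the same mismatch, `critical` alongside `cvss-score: 6.5`.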
@@ -2,11 +2,11 @@ id: CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202 info: name: > - Tripetto <= 8.0.3 - Unauthentiated Stored Cross-Site Scripting via Form File Upload + Tripetto <= 8.0.6 - Unauthentiated Stored Cross-Site Scripting via Form File Upload author: topscoder severity: high description: > - The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file. + The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 8.0.3') \ No newline at end of file + - compare_versions(version, '<= 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1044-5720ea5d7eef8537b26bc9836c2599a3.yaml b/nuclei-templates/2024/CVE-2024-1044-5720ea5d7eef8537b26bc9836c2599a3.yaml index d3a5146f9a..74409752db 100644 --- a/nuclei-templates/2024/CVE-2024-1044-5720ea5d7eef8537b26bc9836c2599a3.yaml +++ b/nuclei-templates/2024/CVE-2024-1044-5720ea5d7eef8537b26bc9836c2599a3.yaml 
@@ -2,7 +2,7 @@ id: CVE-2024-1044-5720ea5d7eef8537b26bc9836c2599a3 info: name: > - Customer Reviews for WooCommerce <= 5.38.12 - Improper Authorization via submit_review + Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review author: topscoder severity: medium description: > diff --git a/nuclei-templates/2024/CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f.yaml b/nuclei-templates/2024/CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f.yaml index a96d729e8b..67c987afd7 100644 --- a/nuclei-templates/2024/CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f.yaml +++ b/nuclei-templates/2024/CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f.yaml @@ -2,11 +2,11 @@ id: CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f info: name: > - Woo Manage Fraud Orders <= 6.1.7 - Unauthenticated Information Exposure via Log Files + Woo Manage Fraud Orders <= 2.6.1 - Unauthenticated Information Exposure via Log Files author: topscoder severity: medium description: > - The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. + The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a62df5f6-64b0-4489-9dde-0d472040ee12?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 6.1.7') \ No newline at end of file + - compare_versions(version, '<= 2.6.1') \ No newline at end of file 
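Review bot: Only the `name` of CVE-2024-1044 moves to `<= 5.38.10`; the commit has no hunk on this template's description or on its `compare_versions` line, both of which lie outside the visible hunk. If either still says 5.38.12, the title and the detection range now disagree, and installs on 5.38.11 or 5.38.12 would be reported against a title that excludes them. The other version corrections in this commit (CVE-2024-10260, CVE-2024-10544) change name, description and DSL together, so I would confirm the three agree here as well. If the DSL is stale, the line would be `- compare_versions(version, '<= 5.38.10')`.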
diff --git a/nuclei-templates/2024/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml b/nuclei-templates/2024/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml index 1491e63422..3074e80e02 100644 --- a/nuclei-templates/2024/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml +++ b/nuclei-templates/2024/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml @@ -2,7 +2,7 @@ id: CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29 info: name: > - Pubnews <= 1.0.7 - Unauthenticated Arbitrary Plugin Installation + Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation author: topscoder severity: low description: > diff --git a/nuclei-templates/2024/CVE-2024-10586-1ccc6f2723a2f31b8fd563fbe61fe46e.yaml b/nuclei-templates/2024/CVE-2024-10586-1ccc6f2723a2f31b8fd563fbe61fe46e.yaml index 2e7d514f6a..b52d6f120c 100644 --- a/nuclei-templates/2024/CVE-2024-10586-1ccc6f2723a2f31b8fd563fbe61fe46e.yaml +++ b/nuclei-templates/2024/CVE-2024-10586-1ccc6f2723a2f31b8fd563fbe61fe46e.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. + The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7.yaml b/nuclei-templates/2024/CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7.yaml index 5f5a7083ae..c484434e5d 100644 --- a/nuclei-templates/2024/CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7.yaml +++ b/nuclei-templates/2024/CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-10587-afbf26677da1e3c07f34d48f2d09d1d7 info: name: > - Funnelforms Free <= 3.7.4.1 - Authenticated (Contributor+) PHP Object Injection + Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection author: topscoder severity: low description: > - The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/701e6afe-08fa-49c7-a6da-cb266db07c48?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.7.4.1') \ No newline at end of file + - compare_versions(version, '<= 3.7.5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-1061-c2234d6b671e34ecc87aded4a14cc4c8.yaml b/nuclei-templates/2024/CVE-2024-1061-c2234d6b671e34ecc87aded4a14cc4c8.yaml index 6faea5ee0a..5bae056251 100644 --- a/nuclei-templates/2024/CVE-2024-1061-c2234d6b671e34ecc87aded4a14cc4c8.yaml +++ b/nuclei-templates/2024/CVE-2024-1061-c2234d6b671e34ecc87aded4a14cc4c8.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2024-1061 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-6485-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-6485-1/" + fofa-query: "wp-content/plugins/html5-video-player/" + google-query: inurl:"/wp-content/plugins/html5-video-player/" shodan-query: 'vuln:CVE-2024-1061' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-6485-1,critical + tags: cve,wordpress,wp-plugin,html5-video-player,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-6485-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/html5-video-player/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-6485-1" + - "html5-video-player" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-10726-c318a8c946b3d6d34694edc4d0c54a26.yaml b/nuclei-templates/2024/CVE-2024-10726-c318a8c946b3d6d34694edc4d0c54a26.yaml index fdab437547..3ffc613f30 100644 --- a/nuclei-templates/2024/CVE-2024-10726-c318a8c946b3d6d34694edc4d0c54a26.yaml +++ b/nuclei-templates/2024/CVE-2024-10726-c318a8c946b3d6d34694edc4d0c54a26.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-10726-c318a8c946b3d6d34694edc4d0c54a26 info: name: > - Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting author: topscoder severity: medium description: > - The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/305f2f13-178d-4b49-b59b-abb35d111299?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml b/nuclei-templates/2024/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml index 86e70fcd78..e970d22092 100644 --- a/nuclei-templates/2024/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml +++ b/nuclei-templates/2024/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-56208 is a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10924-d175b370e2f26eeb10d3b1a66791dd6a.yaml b/nuclei-templates/2024/CVE-2024-10924-d175b370e2f26eeb10d3b1a66791dd6a.yaml index 6248b56ebb..cb26105e23 100644 --- a/nuclei-templates/2024/CVE-2024-10924-d175b370e2f26eeb10d3b1a66791dd6a.yaml +++ b/nuclei-templates/2024/CVE-2024-10924-d175b370e2f26eeb10d3b1a66791dd6a.yaml 
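Review bot: The duplicate identifier CVE-2024-56208 is recorded only in the free-text `description:`, so looking up the template set by that CVE ID through `cve-id` or `tags` will not find this template. The text states the duplication as confirmed, so consider carrying the ID in a structured field as well, for example by appending `cve-2024-56208` to the `tags:` line. The `classification:` and `tags:` lines are outside this hunk. The later description-only hunks for CVE-2024-1094, CVE-2024-12026, CVE-2024-12155, CVE-2024-12166 and CVE-2024-12219 word the relation as likely or possible, so those are better left as prose.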
@@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2024-10924 metadata: - fofa-query: "wp-content/plugins/really-simple-ssl-pro-multisite/" - google-query: inurl:"/wp-content/plugins/really-simple-ssl-pro-multisite/" + fofa-query: "wp-content/plugins/really-simple-ssl-pro/" + google-query: inurl:"/wp-content/plugins/really-simple-ssl-pro/" shodan-query: 'vuln:CVE-2024-10924' - tags: cve,wordpress,wp-plugin,really-simple-ssl-pro-multisite,critical + tags: cve,wordpress,wp-plugin,really-simple-ssl-pro,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/really-simple-ssl-pro-multisite/readme.txt" + - "{{BaseURL}}/wp-content/plugins/really-simple-ssl-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "really-simple-ssl-pro-multisite" + - "really-simple-ssl-pro" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml b/nuclei-templates/2024/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml index aed5e6cd50..18dbb97357 100644 --- a/nuclei-templates/2024/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml +++ b/nuclei-templates/2024/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml 
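Review bot: Both hunks swap the `really-simple-ssl-pro-multisite` slug for `really-simple-ssl-pro` in the request path, the search queries and the `words` matcher, so this template no longer requests the multisite plugin's `readme.txt` at all. If the advisory lists the multisite edition as affected too, the swap moves the blind spot rather than closing it; a sibling template may cover that slug, but nothing on this page confirms it. One option is a second entry under `path:`, `- "{{BaseURL}}/wp-content/plugins/really-simple-ssl-pro-multisite/readme.txt"`. The new `words` value is a prefix of the multisite slug, so it would accept both. The `extractors` and `dsl` blocks are outside the hunks.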
@@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. + The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. CVE-2024-37427 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/76fe8746-582e-49a5-b0c1-19d2aaef44df?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-10957-58746d66e4342826e83fd23d890caac0.yaml b/nuclei-templates/2024/CVE-2024-10957-58746d66e4342826e83fd23d890caac0.yaml index 50ea096036..5c48d22025 100644 --- a/nuclei-templates/2024/CVE-2024-10957-58746d66e4342826e83fd23d890caac0.yaml +++ b/nuclei-templates/2024/CVE-2024-10957-58746d66e4342826e83fd23d890caac0.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-10957-58746d66e4342826e83fd23d890caac0 info: name: > - UpdraftPlus: WP Backup & Migration Plugin <= 1.24.11 - Unauthenticated PHP Object Injection + UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection author: topscoder severity: critical description: > - The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit. + The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. An administrator must perform a search and replace action to trigger the exploit. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4729ed37-96b2-4717-8a72-89b9a21ec058?source=api-prod 
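Review bot: `severity: critical` stays as unchanged context in this hunk, while the rewritten `description:` now says the flaw has no impact unless another plugin or theme supplies a POP chain, and that an administrator must run a search and replace to trigger it. A rating that outranks the described preconditions pushes the finding to the top of triage queues on sites where it may be inert. Re-derive `severity:` from the advisory's CVSS vector in the `classification:` block, which is outside the hunk, and change it in this commit if the two disagree. The second hunk of this file adds the `'>= 1.23.8'` lower bound to `compare_versions`, which is consistent with the new title.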
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.24.11') \ No newline at end of file + - compare_versions(version, '>= 1.23.8', '<= 1.24.11') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-11010-7519a29fa5d8193b924c132cd64d9dbf.yaml b/nuclei-templates/2024/CVE-2024-11010-7519a29fa5d8193b924c132cd64d9dbf.yaml index f4792b9dcb..3da8f11f23 100644 --- a/nuclei-templates/2024/CVE-2024-11010-7519a29fa5d8193b924c132cd64d9dbf.yaml +++ b/nuclei-templates/2024/CVE-2024-11010-7519a29fa5d8193b924c132cd64d9dbf.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e958653-36c4-4979-89e1-d9411a35a92a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-11094-16bcde675cb0d64a03b0f91cfb9ac467.yaml b/nuclei-templates/2024/CVE-2024-11094-16bcde675cb0d64a03b0f91cfb9ac467.yaml index 6fe4ee07b5..2bf52ea0b0 100644 --- a/nuclei-templates/2024/CVE-2024-11094-16bcde675cb0d64a03b0f91cfb9ac467.yaml +++ b/nuclei-templates/2024/CVE-2024-11094-16bcde675cb0d64a03b0f91cfb9ac467.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which may reveal sensitive information. + The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters which may reveal sensitive information. On most sites this is unlikely to be the case. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d738be73-2573-4fb8-b6f0-768a08628265?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-1125-5344a8df4ee7263657185efd443c0b22.yaml b/nuclei-templates/2024/CVE-2024-1125-5344a8df4ee7263657185efd443c0b22.yaml index 534ab4f7d4..0ab99345fe 100644 --- a/nuclei-templates/2024/CVE-2024-1125-5344a8df4ee7263657185efd443c0b22.yaml +++ b/nuclei-templates/2024/CVE-2024-1125-5344a8df4ee7263657185efd443c0b22.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L + cvss-score: 5.4 cve-id: CVE-2024-1125 metadata: fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" diff --git a/nuclei-templates/2024/CVE-2024-1126-6bafa5b3da4f53df7d3b25cb59f59ac9.yaml b/nuclei-templates/2024/CVE-2024-1126-6bafa5b3da4f53df7d3b25cb59f59ac9.yaml index d0e890f21d..ec5145ec0c 100644 --- a/nuclei-templates/2024/CVE-2024-1126-6bafa5b3da4f53df7d3b25cb59f59ac9.yaml +++ b/nuclei-templates/2024/CVE-2024-1126-6bafa5b3da4f53df7d3b25cb59f59ac9.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2024-1126 metadata: fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" diff --git a/nuclei-templates/2024/CVE-2024-11430-5dc7009ea5595c42ca9e89f3c97bfa7d.yaml b/nuclei-templates/2024/CVE-2024-11430-5dc7009ea5595c42ca9e89f3c97bfa7d.yaml index 686e76bdf8..684a9cce95 100644 --- a/nuclei-templates/2024/CVE-2024-11430-5dc7009ea5595c42ca9e89f3c97bfa7d.yaml +++ b/nuclei-templates/2024/CVE-2024-11430-5dc7009ea5595c42ca9e89f3c97bfa7d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-11430-5dc7009ea5595c42ca9e89f3c97bfa7d info: name: > - SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection + SQL Chart Builder <= 2.3.7.1 - Authenticated (Contributor+) SQL Injection author: topscoder severity: low description: > - The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f818aad-8d05-4665-a7dc-50bc56cbde5f?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.3.6') \ No newline at end of file + - compare_versions(version, '<= 2.3.7.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-11870-18a60dac2cb8234379aa9e30053765d9.yaml b/nuclei-templates/2024/CVE-2024-11870-18a60dac2cb8234379aa9e30053765d9.yaml index fd7d2964b7..6a312a95c6 100644 --- a/nuclei-templates/2024/CVE-2024-11870-18a60dac2cb8234379aa9e30053765d9.yaml 
+++ b/nuclei-templates/2024/CVE-2024-11870-18a60dac2cb8234379aa9e30053765d9.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-11934-b7ea226cc20ec644795cc2d46b1d1262.yaml b/nuclei-templates/2024/CVE-2024-11934-b7ea226cc20ec644795cc2d46b1d1262.yaml index 56cfe2615a..6bcfec8fc2 100644 --- a/nuclei-templates/2024/CVE-2024-11934-b7ea226cc20ec644795cc2d46b1d1262.yaml +++ b/nuclei-templates/2024/CVE-2024-11934-b7ea226cc20ec644795cc2d46b1d1262.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-11934-b7ea226cc20ec644795cc2d46b1d1262 info: name: > - Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter + Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode author: topscoder severity: low description: > - The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formaloo' shortcode in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b7ddf44-a1d2-4042-9219-591ebc8e4250?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce.yaml b/nuclei-templates/2024/CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce.yaml index fb0b8dcd26..193138e156 100644 --- a/nuclei-templates/2024/CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce.yaml +++ b/nuclei-templates/2024/CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce info: name: > - 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter + 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Function author: topscoder severity: medium description: > - The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12026-c3675bda547bc33d41571993b615aadf.yaml b/nuclei-templates/2024/CVE-2024-12026-c3675bda547bc33d41571993b615aadf.yaml index 09fc29676e..fde2b69377 100644 --- a/nuclei-templates/2024/CVE-2024-12026-c3675bda547bc33d41571993b615aadf.yaml +++ b/nuclei-templates/2024/CVE-2024-12026-c3675bda547bc33d41571993b615aadf.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. + The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. CVE-2024-54254 may be a duplicate of this CVE. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2.yaml b/nuclei-templates/2024/CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2.yaml index a76edb971a..6260edd7f9 100644 --- a/nuclei-templates/2024/CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2.yaml +++ b/nuclei-templates/2024/CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2 info: name: > - Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Post Disclosure + Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure author: topscoder severity: low description: > - The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. + The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.2') \ No newline at end of file + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml b/nuclei-templates/2024/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml index a31de04437..436f1d7bda 100644 --- a/nuclei-templates/2024/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml +++ b/nuclei-templates/2024/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. + The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. CVE-2024-54229 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12166-6e2be28a8c3bf8f7705203d8c2885904.yaml b/nuclei-templates/2024/CVE-2024-12166-6e2be28a8c3bf8f7705203d8c2885904.yaml index b297ebca1d..bd8b7f5f95 100644 --- a/nuclei-templates/2024/CVE-2024-12166-6e2be28a8c3bf8f7705203d8c2885904.yaml +++ b/nuclei-templates/2024/CVE-2024-12166-6e2be28a8c3bf8f7705203d8c2885904.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-54264 may be a duplicate of this. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12219-5a4cdf95041f5cf0bd0b7732bf8309db.yaml b/nuclei-templates/2024/CVE-2024-12219-5a4cdf95041f5cf0bd0b7732bf8309db.yaml index 1c8adc3ec4..74c74ed94b 100644 --- a/nuclei-templates/2024/CVE-2024-12219-5a4cdf95041f5cf0bd0b7732bf8309db.yaml +++ b/nuclei-templates/2024/CVE-2024-12219-5a4cdf95041f5cf0bd0b7732bf8309db.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-56017 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d5fb4ac-f86e-4b5e-ad4b-be19158ab745?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d.yaml b/nuclei-templates/2024/CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d.yaml index c68b564033..0cd556df49 100644 --- a/nuclei-templates/2024/CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d.yaml +++ b/nuclei-templates/2024/CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d info: name: > - Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection + Beautiful Taxonomy Filters <= 2.4.4 - Unauthenticated SQL Injection author: topscoder severity: critical description: > - The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.4.3') \ No newline at end of file + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-12463-6eda08e61f79b144451ec9eed8e6585a.yaml b/nuclei-templates/2024/CVE-2024-12463-6eda08e61f79b144451ec9eed8e6585a.yaml index 41f4ea0b69..f6408e6f0e 100644 --- a/nuclei-templates/2024/CVE-2024-12463-6eda08e61f79b144451ec9eed8e6585a.yaml +++ b/nuclei-templates/2024/CVE-2024-12463-6eda08e61f79b144451ec9eed8e6585a.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-12463-6eda08e61f79b144451ec9eed8e6585a info: name: > - Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode + Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode author: topscoder severity: low description: > - The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/729492e8-5625-444f-84ed-36b72cebc722?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 0.3.0') \ No newline at end of file + - compare_versions(version, '<= 0.4.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-12472-bbd3cb4cd6ffd12fcfbdceb8ac2c2783.yaml b/nuclei-templates/2024/CVE-2024-12472-bbd3cb4cd6ffd12fcfbdceb8ac2c2783.yaml index 000be736c4..bb3e64048e 100644 
--- a/nuclei-templates/2024/CVE-2024-12472-bbd3cb4cd6ffd12fcfbdceb8ac2c2783.yaml +++ b/nuclei-templates/2024/CVE-2024-12472-bbd3cb4cd6ffd12fcfbdceb8ac2c2783.yaml @@ -6,13 +6,13 @@ info: author: topscoder severity: low description: > - The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. + The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2024-12472 metadata: fofa-query: "wp-content/plugins/post-duplicator/" diff --git a/nuclei-templates/2024/CVE-2024-12526-d0175a79efc04628234f5b16874bd415.yaml b/nuclei-templates/2024/CVE-2024-12526-d0175a79efc04628234f5b16874bd415.yaml index e01d4f2546..05b610a89e 100644 --- a/nuclei-templates/2024/CVE-2024-12526-d0175a79efc04628234f5b16874bd415.yaml +++ b/nuclei-templates/2024/CVE-2024-12526-d0175a79efc04628234f5b16874bd415.yaml 
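Review bot: The new `cvss-score: 4.3` is in the Medium band of the CVSS v3.1 scale, but the `severity: low` context line at the top of the hunk is left as it was. The mismatch predates this commit, since the old 5.3 is Medium as well. Anyone running the set with a severity filter of medium and above will skip this template even though its own score places it there. If the project derives severity from the score, set `severity: medium` here; if it uses another rule, a comment such as `# severity follows <project rule>, not the CVSS band` would spare the next reviewer the question. The `tags:` line, which carries a severity word in the sibling templates on this page, is outside the hunk and needs the same check.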
@@ -2,11 +2,11 @@ id: CVE-2024-12526-d0175a79efc04628234f5b16874bd415 info: name: > - Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update + Arena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings Update author: topscoder severity: medium description: > - The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9173644-f0b2-4de3-8e58-fd556d8e38cd?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 0.3.0') \ No newline at end of file + - compare_versions(version, '<= 0.4.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-12605-fe281b866cada951d2a5d1563301c563.yaml b/nuclei-templates/2024/CVE-2024-12605-fe281b866cada951d2a5d1563301c563.yaml index 76d7333024..ead6170876 100644 --- a/nuclei-templates/2024/CVE-2024-12605-fe281b866cada951d2a5d1563301c563.yaml +++ b/nuclei-templates/2024/CVE-2024-12605-fe281b866cada951d2a5d1563301c563.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_engine_request_data" and "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/52a8718f-2c4d-4da1-a81f-e93dff3fa43b?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-12781-da5a0f68261093836b35ddd86a43ff7a.yaml b/nuclei-templates/2024/CVE-2024-12781-da5a0f68261093836b35ddd86a43ff7a.yaml index bbe01fb200..18b2ce0062 100644 --- a/nuclei-templates/2024/CVE-2024-12781-da5a0f68261093836b35ddd86a43ff7a.yaml +++ b/nuclei-templates/2024/CVE-2024-12781-da5a0f68261093836b35ddd86a43ff7a.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-12781 metadata: - fofa-query: "wp-content/themes/aurum-minimalist-shopping-theme/" - google-query: inurl:"/wp-content/themes/aurum-minimalist-shopping-theme/" + fofa-query: "wp-content/themes/aurum/" + google-query: inurl:"/wp-content/themes/aurum/" shodan-query: 'vuln:CVE-2024-12781' - tags: cve,wordpress,wp-theme,aurum-minimalist-shopping-theme,low + tags: cve,wordpress,wp-theme,aurum,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/aurum-minimalist-shopping-theme/style.css" + - "{{BaseURL}}/wp-content/themes/aurum/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "aurum-minimalist-shopping-theme" + - "aurum" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-1295-fd7d92919a545102dfe0e9ff6e93dd07.yaml b/nuclei-templates/2024/CVE-2024-1295-fd7d92919a545102dfe0e9ff6e93dd07.yaml index 88d63399df..23834d2fbf 100644 --- a/nuclei-templates/2024/CVE-2024-1295-fd7d92919a545102dfe0e9ff6e93dd07.yaml +++ b/nuclei-templates/2024/CVE-2024-1295-fd7d92919a545102dfe0e9ff6e93dd07.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-1295 metadata: - fofa-query: "wp-content/plugins/the-events-calendar/" - google-query: inurl:"/wp-content/plugins/the-events-calendar/" + fofa-query: "wp-content/plugins/events-calendar-pro/" + google-query: inurl:"/wp-content/plugins/events-calendar-pro/" shodan-query: 'vuln:CVE-2024-1295' - tags: cve,wordpress,wp-plugin,the-events-calendar,low + tags: cve,wordpress,wp-plugin,events-calendar-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + - "{{BaseURL}}/wp-content/plugins/events-calendar-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "the-events-calendar" + - "events-calendar-pro" part: body - type: dsl 
diff --git a/nuclei-templates/2024/CVE-2024-13010-daedbf74044dd7c71e926d1a21a741a2.yaml b/nuclei-templates/2024/CVE-2024-13010-daedbf74044dd7c71e926d1a21a741a2.yaml new file mode 100644 index 0000000000..020b0921c2 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-13010-daedbf74044dd7c71e926d1a21a741a2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-13010-daedbf74044dd7c71e926d1a21a741a2 + +info: + name: > + WP Foodbakery <= 4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f267527d-5fb5-4fc2-bb35-bc60854f1a68?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-13010 + metadata: + fofa-query: "wp-content/plugins/wp-foodbakery/" + google-query: inurl:"/wp-content/plugins/wp-foodbakery/" + shodan-query: 'vuln:CVE-2024-13010' + tags: cve,wordpress,wp-plugin,wp-foodbakery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-foodbakery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-foodbakery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-13011-333c9850f48481f50441809b46852575.yaml b/nuclei-templates/2024/CVE-2024-13011-333c9850f48481f50441809b46852575.yaml new file mode 100644 index 0000000000..7366374ce3 --- /dev/null 
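Review bot: `redirects: true` with `max-redirects: 3` in the new CVE-2024-13010 template allows the readme.txt request to follow a redirect to a different host. The status, word and version matchers would then run on that host's response, so a finding can be recorded against a target that never served the file itself. Restricting redirects to the scanned host avoids this: replace the line with `host-redirects: true` and keep `max-redirects: 3`. The new CVE-2024-13011 template that follows uses the same request block.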
+++ b/nuclei-templates/2024/CVE-2024-13011-333c9850f48481f50441809b46852575.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-13011-333c9850f48481f50441809b46852575 + +info: + name: > + WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: critical + description: > + The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/850fc4db-6e02-44c7-836a-02c433a0bae7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-13011 + metadata: + fofa-query: "wp-content/plugins/wp-foodbakery/" + google-query: inurl:"/wp-content/plugins/wp-foodbakery/" + shodan-query: 'vuln:CVE-2024-13011' + tags: cve,wordpress,wp-plugin,wp-foodbakery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-foodbakery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-foodbakery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1306-3818a4a4b0a57ed695fb290b3a0fc3e3.yaml b/nuclei-templates/2024/CVE-2024-1306-3818a4a4b0a57ed695fb290b3a0fc3e3.yaml index fdf5df04d9..1061d68232 100644 
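Review bot: The `severity: critical` result in the CVE-2024-13011 template rests only on the `Stable tag` string in readme.txt; nothing in the request touches the `upload_publisher_profile_image` function named in the description. An install patched in place, or one with a stale readme, would therefore give a critical result that is wrong in one direction or the other. State that limit where triagers will see it, for example with a comment above the dsl matcher: `# version-based detection only: compares the readme.txt Stable tag, does not confirm the upload handler is exposed`. The two extractors that share `name: version` and the same regex also need a one-line comment each, saying that the `internal: true` one presumably feeds the dsl matcher and the other exists for output.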
--- a/nuclei-templates/2024/CVE-2024-1306-3818a4a4b0a57ed695fb290b3a0fc3e3.yaml +++ b/nuclei-templates/2024/CVE-2024-1306-3818a4a4b0a57ed695fb290b3a0fc3e3.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Smart Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.943. This is due to missing or incorrect nonce validation on several functions in the smart-forms-ajax.php file. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Smart Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.93. This is due to missing or incorrect nonce validation on several functions in the smart-forms-ajax.php file. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed9c59c-191f-4219-8701-ce2f088b3b6d?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.6.943') \ No newline at end of file + - compare_versions(version, '<= 2.6.93') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1311-1354ea94a1954a1760cb46a363e40e35.yaml b/nuclei-templates/2024/CVE-2024-1311-1354ea94a1954a1760cb46a363e40e35.yaml index 51f1c2ac08..beef87e004 100644 --- a/nuclei-templates/2024/CVE-2024-1311-1354ea94a1954a1760cb46a363e40e35.yaml +++ b/nuclei-templates/2024/CVE-2024-1311-1354ea94a1954a1760cb46a363e40e35.yaml 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '2.4.40') \ No newline at end of file + - compare_versions(version, '<= 2.4.40') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1328-30983465aa98e24ec3e7a3b1264b8d9c.yaml b/nuclei-templates/2024/CVE-2024-1328-30983465aa98e24ec3e7a3b1264b8d9c.yaml index 4cf82daa01..b01a58425e 100644 --- a/nuclei-templates/2024/CVE-2024-1328-30983465aa98e24ec3e7a3b1264b8d9c.yaml +++ b/nuclei-templates/2024/CVE-2024-1328-30983465aa98e24ec3e7a3b1264b8d9c.yaml @@ -2,11 +2,11 @@ id: CVE-2024-1328-30983465aa98e24ec3e7a3b1264b8d9c info: name: > - Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style + Newsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style author: topscoder severity: low description: > - The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/766ac399-7280-4186-8972-94da813da85e?source=api-prod 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.0.13') \ No newline at end of file + - compare_versions(version, '<= 4.0.14') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-13368-22a315336d0bbb7a2db1c2348cc1378a.yaml b/nuclei-templates/2024/CVE-2024-13368-22a315336d0bbb7a2db1c2348cc1378a.yaml index 60709cd3f9..2d8c8346f0 100644 --- a/nuclei-templates/2024/CVE-2024-13368-22a315336d0bbb7a2db1c2348cc1378a.yaml +++ b/nuclei-templates/2024/CVE-2024-13368-22a315336d0bbb7a2db1c2348cc1378a.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.2') \ No newline at end of file + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-13370-f6a2b383b84310da80bab7b546d3922c.yaml b/nuclei-templates/2024/CVE-2024-13370-f6a2b383b84310da80bab7b546d3922c.yaml index c3c13e050d..9917e6accc 100644 --- a/nuclei-templates/2024/CVE-2024-13370-f6a2b383b84310da80bab7b546d3922c.yaml +++ b/nuclei-templates/2024/CVE-2024-13370-f6a2b383b84310da80bab7b546d3922c.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-13370-f6a2b383b84310da80bab7b546d3922c info: name: > - Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) + Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) author: topscoder severity: low description: > - The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key. + The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f234d676-86ac-47ab-b8b3-b0459cbb4538?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.2') \ No newline at end of file + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-13659-6e5a24d2c212595ebbfa3f6dbd7af668.yaml b/nuclei-templates/2024/CVE-2024-13659-6e5a24d2c212595ebbfa3f6dbd7af668.yaml index 8cf4642d4e..65a810e888 100644 
--- a/nuclei-templates/2024/CVE-2024-13659-6e5a24d2c212595ebbfa3f6dbd7af668.yaml +++ b/nuclei-templates/2024/CVE-2024-13659-6e5a24d2c212595ebbfa3f6dbd7af668.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2025-24678 is a duplicate of this. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/68b4358d-d4b4-415b-a19f-e58b155ceac9?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-1375-1c5d367114d7ddb0cfb5bf0cfba7e6f4.yaml b/nuclei-templates/2024/CVE-2024-1375-1c5d367114d7ddb0cfb5bf0cfba7e6f4.yaml index c75d21759f..b5d1d72527 100644 --- a/nuclei-templates/2024/CVE-2024-1375-1c5d367114d7ddb0cfb5bf0cfba7e6f4.yaml +++ b/nuclei-templates/2024/CVE-2024-1375-1c5d367114d7ddb0cfb5bf0cfba7e6f4.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-1375-1c5d367114d7ddb0cfb5bf0cfba7e6f4 info: name: > - Event post <= 5.9.5 - Cross-Site Request Forgery + Event post <= 5.9.8 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link. + The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.8. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/964950dc-d8e1-4a9b-bef2-ea51abc5a925?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.9.5') \ No newline at end of file + - compare_versions(version, '<= 5.9.8') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1383-7b045eb38e258dc8f4536f2cc37c96c3.yaml b/nuclei-templates/2024/CVE-2024-1383-7b045eb38e258dc8f4536f2cc37c96c3.yaml index ed16365fec..baf1d96fa1 100644 --- a/nuclei-templates/2024/CVE-2024-1383-7b045eb38e258dc8f4536f2cc37c96c3.yaml +++ b/nuclei-templates/2024/CVE-2024-1383-7b045eb38e258dc8f4536f2cc37c96c3.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-35664 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8430ed-6aeb-46a3-8c42-59646845706e?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-1412-013968d29257ecaed8d8c4213c555b22.yaml b/nuclei-templates/2024/CVE-2024-1412-013968d29257ecaed8d8c4213c555b22.yaml index d8b798a885..c9132a034d 100644 --- a/nuclei-templates/2024/CVE-2024-1412-013968d29257ecaed8d8c4213c555b22.yaml +++ b/nuclei-templates/2024/CVE-2024-1412-013968d29257ecaed8d8c4213c555b22.yaml @@ -2,7 +2,7 @@ id: CVE-2024-1412-013968d29257ecaed8d8c4213c555b22 info: name: > - Memberpress <= 1.11.26 - Reflected Cross-Site Scripting via message and error + Memberpress <= 1.11.24 - Reflected Cross-Site Scripting via message and error author: topscoder severity: medium description: 
> diff --git a/nuclei-templates/2024/CVE-2024-1686-00b86f64e25d650138c9baf8b4e8dcd2.yaml b/nuclei-templates/2024/CVE-2024-1686-00b86f64e25d650138c9baf8b4e8dcd2.yaml index ea1ab161af..6cc55c1bb7 100644 --- a/nuclei-templates/2024/CVE-2024-1686-00b86f64e25d650138c9baf8b4e8dcd2.yaml +++ b/nuclei-templates/2024/CVE-2024-1686-00b86f64e25d650138c9baf8b4e8dcd2.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2024-1686 metadata: fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/" diff --git a/nuclei-templates/2024/CVE-2024-1689-27bd7427e9ad393d0cf747080614eaff.yaml b/nuclei-templates/2024/CVE-2024-1689-27bd7427e9ad393d0cf747080614eaff.yaml index ace69bde5b..a9f24f1bea 100644 --- a/nuclei-templates/2024/CVE-2024-1689-27bd7427e9ad393d0cf747080614eaff.yaml +++ b/nuclei-templates/2024/CVE-2024-1689-27bd7427e9ad393d0cf747080614eaff.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3830c901-be36-4c4b-976b-d388b6af0c67?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2024-1689 metadata: fofa-query: "wp-content/plugins/woo-tools/" diff --git a/nuclei-templates/2024/CVE-2024-1771-96d35c340378a4b9a005e57e402c605d.yaml b/nuclei-templates/2024/CVE-2024-1771-96d35c340378a4b9a005e57e402c605d.yaml index 589534c9e1..cc0007c588 100644 --- a/nuclei-templates/2024/CVE-2024-1771-96d35c340378a4b9a005e57e402c605d.yaml +++ b/nuclei-templates/2024/CVE-2024-1771-96d35c340378a4b9a005e57e402c605d.yaml 
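Review bot: The CVE-2024-1412 hunk lowers the bound in `name` from 1.11.26 to 1.11.24 but ends at `description: >`, and no other hunk touches that file, so the description text and the `compare_versions` matcher stay as they were. If the matcher still carries 1.11.26, the scanner will report 1.11.25 and 1.11.26 installs under a title that says they are not affected. Check the matcher near the end of the file and make it agree with the title in the same commit, for example `compare_versions(version, '<= 1.11.24')` if the new bound is the correct one. The name-only hunks for CVE-2024-1934 (6.11.10 to 6.11.08) and CVE-2024-1974 (2.4.6 to 2.4.5) need the same check.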
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2024-1771 metadata: fofa-query: "wp-content/themes/total/" diff --git a/nuclei-templates/2024/CVE-2024-1798-727d96016356f2ea814787245734709f.yaml b/nuclei-templates/2024/CVE-2024-1798-727d96016356f2ea814787245734709f.yaml index e956d24913..9cc8867e0f 100644 --- a/nuclei-templates/2024/CVE-2024-1798-727d96016356f2ea814787245734709f.yaml +++ b/nuclei-templates/2024/CVE-2024-1798-727d96016356f2ea814787245734709f.yaml @@ -2,11 +2,11 @@ id: CVE-2024-1798-727d96016356f2ea814787245734709f info: name: > - Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml + Tutor LMS – Migration Tool <= 2.2.2 - Missing Authorization in tutor_lp_export_xml author: topscoder severity: high description: > - The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. + The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cb67f55-6d21-4a4e-9651-fcf671788d16?source=api-prod 
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.2.0') \ No newline at end of file + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-1804-675fd4a7382f103477cf9c96dcd88376.yaml b/nuclei-templates/2024/CVE-2024-1804-675fd4a7382f103477cf9c96dcd88376.yaml index 16b6136d4c..1518b32d37 100644 --- a/nuclei-templates/2024/CVE-2024-1804-675fd4a7382f103477cf9c96dcd88376.yaml +++ b/nuclei-templates/2024/CVE-2024-1804-675fd4a7382f103477cf9c96dcd88376.yaml @@ -2,11 +2,11 @@ id: CVE-2024-1804-675fd4a7382f103477cf9c96dcd88376 info: name: > - Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml + Tutor LMS – Migration Tool <= 2.2.2 - Missing Authorization in tutor_import_from_xml author: topscoder severity: low description: > - The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. + The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a49a22e-d54e-461d-83c2-8278494eac13?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.2.0') \ No newline at end of file + - compare_versions(version, '<= 2.2.2') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-1934-82c509c8a1e0b3d641aac353668f8770.yaml b/nuclei-templates/2024/CVE-2024-1934-82c509c8a1e0b3d641aac353668f8770.yaml index 4657814e00..296ca87ada 100644 --- a/nuclei-templates/2024/CVE-2024-1934-82c509c8a1e0b3d641aac353668f8770.yaml +++ b/nuclei-templates/2024/CVE-2024-1934-82c509c8a1e0b3d641aac353668f8770.yaml @@ -2,7 +2,7 @@ id: CVE-2024-1934-82c509c8a1e0b3d641aac353668f8770 info: name: > - WP Compress – Image Optimizer <= 6.11.10 - Missing Authorization to Unauthenticated CDN Modification + WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification author: topscoder severity: high description: > diff --git a/nuclei-templates/2024/CVE-2024-1974-04c81fb79bf7022bea90afb5e9a89812.yaml b/nuclei-templates/2024/CVE-2024-1974-04c81fb79bf7022bea90afb5e9a89812.yaml index d241ee5b1c..3775164977 100644 --- a/nuclei-templates/2024/CVE-2024-1974-04c81fb79bf7022bea90afb5e9a89812.yaml +++ b/nuclei-templates/2024/CVE-2024-1974-04c81fb79bf7022bea90afb5e9a89812.yaml @@ -2,7 +2,7 @@ id: CVE-2024-1974-04c81fb79bf7022bea90afb5e9a89812 info: name: > - HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Directory Traversal + HT Mega – Absolute Addons For Elementor <= 2.4.5 - Authenticated (Contributor+) Directory Traversal author: topscoder severity: low description: > diff --git a/nuclei-templates/2024/CVE-2024-2137-04d9d8731b13cba23277b7657f4034c0.yaml b/nuclei-templates/2024/CVE-2024-2137-04d9d8731b13cba23277b7657f4034c0.yaml index bd5ba823a4..ca0fddbbbf 100644 --- a/nuclei-templates/2024/CVE-2024-2137-04d9d8731b13cba23277b7657f4034c0.yaml +++ b/nuclei-templates/2024/CVE-2024-2137-04d9d8731b13cba23277b7657f4034c0.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-2137-04d9d8731b13cba23277b7657f4034c0 info: name: > - All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets + All-in-One Addons for Elementor – WidgetKit <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets author: topscoder severity: low description: > - The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/27945f52-7594-46f6-a760-2ee5dd094914?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.4.8') \ No newline at end of file + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-2163-4c370188065655705ee7ef45c88385e0.yaml b/nuclei-templates/2024/CVE-2024-2163-4c370188065655705ee7ef45c88385e0.yaml index c9c47adfc8..6bb4cf3b32 100644 
--- a/nuclei-templates/2024/CVE-2024-2163-4c370188065655705ee7ef45c88385e0.yaml +++ b/nuclei-templates/2024/CVE-2024-2163-4c370188065655705ee7ef45c88385e0.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37244 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e257954-9e44-4939-8e01-efceb3c0953a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-21746-538f87a94b427714291bc57cb4a7385a.yaml b/nuclei-templates/2024/CVE-2024-21746-538f87a94b427714291bc57cb4a7385a.yaml index 2822ef8c7a..85ac94cbeb 100644 --- a/nuclei-templates/2024/CVE-2024-21746-538f87a94b427714291bc57cb4a7385a.yaml +++ b/nuclei-templates/2024/CVE-2024-21746-538f87a94b427714291bc57cb4a7385a.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-21746-538f87a94b427714291bc57cb4a7385a info: name: > - Wp Ultimate Review <= 2.3.2 - IP Spoofing + Wp Ultimate Review <= 2.3.5 - IP Spoofing author: topscoder severity: medium description: > - The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.2 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting. + The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.5 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/31418a45-7dae-4cd4-8f85-0498a285ef6d?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.3.2') \ No newline at end of file + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-2254-fff7de08f6116735e0400b319113ddc3.yaml b/nuclei-templates/2024/CVE-2024-2254-fff7de08f6116735e0400b319113ddc3.yaml index e917e51ea4..e7bfec36d0 100644 --- a/nuclei-templates/2024/CVE-2024-2254-fff7de08f6116735e0400b319113ddc3.yaml +++ b/nuclei-templates/2024/CVE-2024-2254-fff7de08f6116735e0400b319113ddc3.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-2254-fff7de08f6116735e0400b319113ddc3 info: name: > - RT Easy Builder – Advanced addons for Elementor <= 2.2 - Authenticated (Contributor+) Stored Cross-site Scripting + RT Easy Builder – Advanced addons for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-site Scripting author: topscoder severity: low description: > - The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5fb289e-bd38-42ea-86a4-7816b59bd0b2?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.2') \ No newline at end of file + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-2344-40b6b6eb9961994eb85da58e156bbf63.yaml b/nuclei-templates/2024/CVE-2024-2344-40b6b6eb9961994eb85da58e156bbf63.yaml index 421b898162..05aa87ad9e 100644 --- a/nuclei-templates/2024/CVE-2024-2344-40b6b6eb9961994eb85da58e156bbf63.yaml 
+++ b/nuclei-templates/2024/CVE-2024-2344-40b6b6eb9961994eb85da58e156bbf63.yaml @@ -2,7 +2,7 @@ id: CVE-2024-2344-40b6b6eb9961994eb85da58e156bbf63 info: name: > - Avada <= 7.11.6 - Authenticated (Editor+) SQL Injection via entry + Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry author: topscoder severity: low description: > diff --git a/nuclei-templates/2024/CVE-2024-2392-7bfe7ea4779aba265f4dcf37d83d468c.yaml b/nuclei-templates/2024/CVE-2024-2392-7bfe7ea4779aba265f4dcf37d83d468c.yaml index 757a1432fe..40a4aad5d3 100644 --- a/nuclei-templates/2024/CVE-2024-2392-7bfe7ea4779aba265f4dcf37d83d468c.yaml +++ b/nuclei-templates/2024/CVE-2024-2392-7bfe7ea4779aba265f4dcf37d83d468c.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-2392 metadata: fofa-query: "wp-content/plugins/blocksy-companion/" diff --git a/nuclei-templates/2024/CVE-2024-2472-580975271da7e9ac8a5a8e3b5b971034.yaml b/nuclei-templates/2024/CVE-2024-2472-580975271da7e9ac8a5a8e3b5b971034.yaml index 1f55ef3e58..ab750ca06c 100644 --- a/nuclei-templates/2024/CVE-2024-2472-580975271da7e9ac8a5a8e3b5b971034.yaml +++ b/nuclei-templates/2024/CVE-2024-2472-580975271da7e9ac8a5a8e3b5b971034.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 9.1 cve-id: CVE-2024-2472 metadata: - fofa-query: "wp-content/plugins/LatePoint/" - google-query: inurl:"/wp-content/plugins/LatePoint/" + fofa-query: "wp-content/plugins/latepoint/" + google-query: inurl:"/wp-content/plugins/latepoint/" shodan-query: 'vuln:CVE-2024-2472' - tags: cve,wordpress,wp-plugin,LatePoint,high + tags: cve,wordpress,wp-plugin,latepoint,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/LatePoint/readme.txt" + - "{{BaseURL}}/wp-content/plugins/latepoint/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "LatePoint" + - "latepoint" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-2541-49857937876d85d5d1abd5bfb380cf51.yaml b/nuclei-templates/2024/CVE-2024-2541-49857937876d85d5d1abd5bfb380cf51.yaml index a1dae36f04..a687fedf4f 100644 --- a/nuclei-templates/2024/CVE-2024-2541-49857937876d85d5d1abd5bfb380cf51.yaml +++ b/nuclei-templates/2024/CVE-2024-2541-49857937876d85d5d1abd5bfb380cf51.yaml 
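Review bot: The word matcher in the second hunk (`@@ -51,7 +51,7 @@`) now looks for lowercase `"latepoint"`, and nuclei word matchers compare case-sensitively by default, so a readme.txt that only spells the product name as `LatePoint` would fail the `and` condition and the host would be missed. Whether the readme contains the lowercase slug cannot be confirmed from the hunk; adding `case-insensitive: true` to that matcher keeps the corrected path without depending on how the readme capitalises the name. The same slug-in-body check is changed in the CVE-2024-2738, CVE-2024-2762, CVE-2024-2908 and CVE-2024-30226 templates and is added in the new CVE-2024-31111 template, where a readme that never prints its own directory name would likewise give a false negative. The matchers list continues past the end of the hunk.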
@@ -2,11 +2,11 @@ id: CVE-2024-2541-49857937876d85d5d1abd5bfb380cf51 info: name: > - Popup Builder <= 4.3.3 - Sensitive Information Exposure via Imported Subscribers CSV File + Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File author: topscoder severity: medium description: > - The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. + The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/086cd6a0-adb6-4e12-b34c-630297f036f3?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.3.3') \ No newline at end of file + - compare_versions(version, '<= 4.3.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-25915-97636e7e29b1db9caef04ca90cb6aef6.yaml b/nuclei-templates/2024/CVE-2024-25915-97636e7e29b1db9caef04ca90cb6aef6.yaml index d25d0ea4d2..dd89135105 100644 --- a/nuclei-templates/2024/CVE-2024-25915-97636e7e29b1db9caef04ca90cb6aef6.yaml +++ b/nuclei-templates/2024/CVE-2024-25915-97636e7e29b1db9caef04ca90cb6aef6.yaml 
@@ -2,7 +2,7 @@ id: CVE-2024-25915-97636e7e29b1db9caef04ca90cb6aef6 info: name: > - Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Server-Side Request Forgery author: topscoder severity: low description: > diff --git a/nuclei-templates/2024/CVE-2024-2665-39a27129de97c40dff860c3578eadb7b.yaml b/nuclei-templates/2024/CVE-2024-2665-39a27129de97c40dff860c3578eadb7b.yaml index d83a568ef9..13b569c328 100644 --- a/nuclei-templates/2024/CVE-2024-2665-39a27129de97c40dff860c3578eadb7b.yaml +++ b/nuclei-templates/2024/CVE-2024-2665-39a27129de97c40dff860c3578eadb7b.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cab56873-f79c-4fd2-8d40-ee4a338cbe8b?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-2665 metadata: fofa-query: "wp-content/plugins/premium-addons-for-elementor/" diff --git a/nuclei-templates/2024/CVE-2024-27193-513d43effdcaedf46f99176d4804f770.yaml b/nuclei-templates/2024/CVE-2024-27193-513d43effdcaedf46f99176d4804f770.yaml index 4de3f81b10..cb86a83b83 100644 --- a/nuclei-templates/2024/CVE-2024-27193-513d43effdcaedf46f99176d4804f770.yaml +++ b/nuclei-templates/2024/CVE-2024-27193-513d43effdcaedf46f99176d4804f770.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-27193-513d43effdcaedf46f99176d4804f770 info: name: > - PayU India <= 3.8.2 - Reflected Cross-Site Scripting via type + PayU India <= 3.8.3 - Reflected Cross-Site Scripting via type author: topscoder severity: medium description: > - The PayU India plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘type’ parameter in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The PayU India plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘type’ parameter in versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a5dc4f-3eb6-410e-af3d-e3b0639319f3?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.8.2') \ No newline at end of file + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-2738-88cc70ab7bfc1eaa68e27eeef060b15c.yaml b/nuclei-templates/2024/CVE-2024-2738-88cc70ab7bfc1eaa68e27eeef060b15c.yaml index 86e29844d4..6fb1f8443b 100644 --- a/nuclei-templates/2024/CVE-2024-2738-88cc70ab7bfc1eaa68e27eeef060b15c.yaml +++ b/nuclei-templates/2024/CVE-2024-2738-88cc70ab7bfc1eaa68e27eeef060b15c.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-2738 metadata: - fofa-query: "wp-content/plugins/permalink-manager/" - google-query: inurl:"/wp-content/plugins/permalink-manager/" + fofa-query: "wp-content/plugins/permalink-manager-pro/" + google-query: inurl:"/wp-content/plugins/permalink-manager-pro/" shodan-query: 'vuln:CVE-2024-2738' - tags: cve,wordpress,wp-plugin,permalink-manager,medium + tags: cve,wordpress,wp-plugin,permalink-manager-pro,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + - "{{BaseURL}}/wp-content/plugins/permalink-manager-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "permalink-manager" + - "permalink-manager-pro" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-2762-6f6c62da5200b2142baa1e66562e41c6.yaml b/nuclei-templates/2024/CVE-2024-2762-6f6c62da5200b2142baa1e66562e41c6.yaml index 58fb7645c5..a332f162ae 100644 --- a/nuclei-templates/2024/CVE-2024-2762-6f6c62da5200b2142baa1e66562e41c6.yaml +++ b/nuclei-templates/2024/CVE-2024-2762-6f6c62da5200b2142baa1e66562e41c6.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2024-2762 metadata: - fofa-query: "wp-content/plugins/foogallery-premium/" - google-query: inurl:"/wp-content/plugins/foogallery-premium/" + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" shodan-query: 'vuln:CVE-2024-2762' - tags: cve,wordpress,wp-plugin,foogallery-premium,low + tags: cve,wordpress,wp-plugin,foogallery,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/foogallery-premium/readme.txt" + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "foogallery-premium" + - "foogallery" part: body - type: dsl 
diff --git a/nuclei-templates/2024/CVE-2024-2765-14cc650cd46aa8a10f6f033fa6010a72.yaml b/nuclei-templates/2024/CVE-2024-2765-14cc650cd46aa8a10f6f033fa6010a72.yaml index aca29b9368..0f79166ee8 100644 --- a/nuclei-templates/2024/CVE-2024-2765-14cc650cd46aa8a10f6f033fa6010a72.yaml +++ b/nuclei-templates/2024/CVE-2024-2765-14cc650cd46aa8a10f6f033fa6010a72.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2024-2765 metadata: diff --git a/nuclei-templates/2024/CVE-2024-2792-b6e032e40c2b02b97f9dccc374126174.yaml b/nuclei-templates/2024/CVE-2024-2792-b6e032e40c2b02b97f9dccc374126174.yaml index 12041ebfdb..0c82890791 100644 --- a/nuclei-templates/2024/CVE-2024-2792-b6e032e40c2b02b97f9dccc374126174.yaml +++ b/nuclei-templates/2024/CVE-2024-2792-b6e032e40c2b02b97f9dccc374126174.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcc5a611-23bf-499e-8141-684458d9ce3b?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-2792 metadata: fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" diff --git a/nuclei-templates/2024/CVE-2024-2798-9135d4a437b8a550438ee8234a1d6293.yaml b/nuclei-templates/2024/CVE-2024-2798-9135d4a437b8a550438ee8234a1d6293.yaml index c1347adaeb..74af095df5 100644 --- a/nuclei-templates/2024/CVE-2024-2798-9135d4a437b8a550438ee8234a1d6293.yaml +++ b/nuclei-templates/2024/CVE-2024-2798-9135d4a437b8a550438ee8234a1d6293.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/70582781-9de5-4124-bde4-d3d26724e9b3?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-2798 metadata: fofa-query: "wp-content/plugins/royal-elementor-addons/" diff --git a/nuclei-templates/2024/CVE-2024-2864-496661b726d4252fe3125b3287ce0967.yaml b/nuclei-templates/2024/CVE-2024-2864-496661b726d4252fe3125b3287ce0967.yaml index 77279a543b..cb3bc3986d 100644 --- a/nuclei-templates/2024/CVE-2024-2864-496661b726d4252fe3125b3287ce0967.yaml +++ b/nuclei-templates/2024/CVE-2024-2864-496661b726d4252fe3125b3287ce0967.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The Buddypress Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Buddypress Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c544990-9fd2-4f1b-a02c-a13959d68580?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-2908-1d99c60b8d35257d9b25a2e72681ad05.yaml b/nuclei-templates/2024/CVE-2024-2908-1d99c60b8d35257d9b25a2e72681ad05.yaml index 214930c007..3d5fedb019 100644 
--- a/nuclei-templates/2024/CVE-2024-2908-1d99c60b8d35257d9b25a2e72681ad05.yaml +++ b/nuclei-templates/2024/CVE-2024-2908-1d99c60b8d35257d9b25a2e72681ad05.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Call Now Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aac81b0-8d40-4c16-99b0-558ad7132698?source=api-prod 
@@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2024-2908 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-2908-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-2908-1/" + fofa-query: "wp-content/plugins/call-now-button/" + google-query: inurl:"/wp-content/plugins/call-now-button/" shodan-query: 'vuln:CVE-2024-2908' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-2908-1,low + tags: cve,wordpress,wp-plugin,call-now-button,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2024-2908-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/call-now-button/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2024-2908-1" + - "call-now-button" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-2948-e613676160eaeffd0274ec43f1aa0549.yaml b/nuclei-templates/2024/CVE-2024-2948-e613676160eaeffd0274ec43f1aa0549.yaml index 995620e4ee..e2d46d5a5e 100644 --- a/nuclei-templates/2024/CVE-2024-2948-e613676160eaeffd0274ec43f1aa0549.yaml +++ b/nuclei-templates/2024/CVE-2024-2948-e613676160eaeffd0274ec43f1aa0549.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a87046-9a46-40c2-b10d-d1a7d5ef8742?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-2948 metadata: fofa-query: "wp-content/plugins/favorites/" diff --git a/nuclei-templates/2024/CVE-2024-29788-a17eec930d8d4cb94c6e51ad515e8a6e.yaml b/nuclei-templates/2024/CVE-2024-29788-a17eec930d8d4cb94c6e51ad515e8a6e.yaml index 464005c074..37ae55d82b 100644 --- a/nuclei-templates/2024/CVE-2024-29788-a17eec930d8d4cb94c6e51ad515e8a6e.yaml +++ b/nuclei-templates/2024/CVE-2024-29788-a17eec930d8d4cb94c6e51ad515e8a6e.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/141e5e08-efc3-4da7-ada3-4774dac88884?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-29788 metadata: fofa-query: "wp-content/plugins/podlove-web-player/" diff --git a/nuclei-templates/2024/CVE-2024-30222-5a6dd0987e728a99a48a7d68cb1e9ce0.yaml b/nuclei-templates/2024/CVE-2024-30222-5a6dd0987e728a99a48a7d68cb1e9ce0.yaml index 86aa347492..4e7b63f7b4 100644 --- a/nuclei-templates/2024/CVE-2024-30222-5a6dd0987e728a99a48a7d68cb1e9ce0.yaml +++ b/nuclei-templates/2024/CVE-2024-30222-5a6dd0987e728a99a48a7d68cb1e9ce0.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a59f7a1b-ae58-4015-bb77-814707579847?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2024-30222 metadata: fofa-query: "wp-content/plugins/armember-membership/" diff --git a/nuclei-templates/2024/CVE-2024-30226-1c157f034ffe55b1dda7e48c7133c219.yaml b/nuclei-templates/2024/CVE-2024-30226-1c157f034ffe55b1dda7e48c7133c219.yaml index 0079b1154b..fb543f87ea 100644 --- a/nuclei-templates/2024/CVE-2024-30226-1c157f034ffe55b1dda7e48c7133c219.yaml +++ b/nuclei-templates/2024/CVE-2024-30226-1c157f034ffe55b1dda7e48c7133c219.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2024-30226 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-30226-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-30226-1/" + fofa-query: "wp-content/plugins/betterdocs/" + google-query: inurl:"/wp-content/plugins/betterdocs/" shodan-query: 'vuln:CVE-2024-30226' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-30226-1,critical + tags: cve,wordpress,wp-plugin,betterdocs,critical http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2024-30226-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/betterdocs/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2024-30226-1" + - "betterdocs" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-3026-24aeca19e9e22fe323fc8a0de55d7878.yaml b/nuclei-templates/2024/CVE-2024-3026-24aeca19e9e22fe323fc8a0de55d7878.yaml index 944f43d6b7..c5b50dfee8 100644 --- a/nuclei-templates/2024/CVE-2024-3026-24aeca19e9e22fe323fc8a0de55d7878.yaml +++ b/nuclei-templates/2024/CVE-2024-3026-24aeca19e9e22fe323fc8a0de55d7878.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Custom Rel Tag' parameter in all versions up to, and including, 9.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Custom Rel Tag' parameter in all versions up to, and including, 9.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d3aa440-29a8-47cd-98f4-cf1cbdf92f66?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3064-a923abfc0bfe50d57a9d6272b8673402.yaml b/nuclei-templates/2024/CVE-2024-3064-a923abfc0bfe50d57a9d6272b8673402.yaml index a578f197e2..5fe1bfd435 100644 --- a/nuclei-templates/2024/CVE-2024-3064-a923abfc0bfe50d57a9d6272b8673402.yaml +++ b/nuclei-templates/2024/CVE-2024-3064-a923abfc0bfe50d57a9d6272b8673402.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37541 is potentially a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/16320b5e-1cb5-4e6d-ad2e-8ccd9cfa45ef?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3065-41e9b1338ca058ad1f596cee880aa31a.yaml b/nuclei-templates/2024/CVE-2024-3065-41e9b1338ca058ad1f596cee880aa31a.yaml index 0651594cab..decaa28dce 100644 --- a/nuclei-templates/2024/CVE-2024-3065-41e9b1338ca058ad1f596cee880aa31a.yaml +++ b/nuclei-templates/2024/CVE-2024-3065-41e9b1338ca058ad1f596cee880aa31a.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-5447 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c596c278-4f16-4830-8e6e-5e1392d4d118?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-31111-5343cd6c3ac8b8a75adacbc11049666a.yaml b/nuclei-templates/2024/CVE-2024-31111-5343cd6c3ac8b8a75adacbc11049666a.yaml new file mode 100644 index 0000000000..cc26f3ecfd --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-31111-5343cd6c3ac8b8a75adacbc11049666a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-31111-5343cd6c3ac8b8a75adacbc11049666a + +info: + name: > + WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Template Part Block + author: topscoder + severity: low + description: > + WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on the 'tagName' attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37492 is a duplicate CVE assignment. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a225ccb-a7dc-4437-bd97-b309d6ae6a47?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-31111 + metadata: + fofa-query: "wp-content/plugins/gutenberg/" + google-query: inurl:"/wp-content/plugins/gutenberg/" + shodan-query: 'vuln:CVE-2024-31111' + tags: cve,wordpress,wp-plugin,gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 18.6.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-31111-df5853a24ef3357fdd2ff2631d1b151f.yaml b/nuclei-templates/2024/CVE-2024-31111-df5853a24ef3357fdd2ff2631d1b151f.yaml index 25ef71eb04..c7d5ac712c 100644 
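Review bot: The `name` and `description` of this new template describe WordPress Core (`< 6.5.5`), but the request and the final matcher test the Gutenberg plugin: it fetches `{{BaseURL}}/wp-content/plugins/gutenberg/readme.txt` and applies `compare_versions(version, '<= 18.6.0')`. A hit therefore reflects only the plugin's readme `Stable tag`, not the Core version the title names, and anyone triaging the finding will be looking at the wrong component. I would have the title name what is actually checked, for example `Gutenberg <= 18.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Template Part Block`, and say in the description that the result is inferred from the readme version rather than confirmed.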
--- a/nuclei-templates/2024/CVE-2024-31111-df5853a24ef3357fdd2ff2631d1b151f.yaml +++ b/nuclei-templates/2024/CVE-2024-31111-df5853a24ef3357fdd2ff2631d1b151f.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on the 'tagName' attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on the 'tagName' attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37492 is a duplicate CVE assignment. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a225ccb-a7dc-4437-bd97-b309d6ae6a47?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-31278-ac53736704839a7b467b7e9c5b3142ab.yaml b/nuclei-templates/2024/CVE-2024-31278-ac53736704839a7b467b7e9c5b3142ab.yaml index 2eebb69e0a..e195b46a0d 100644 --- a/nuclei-templates/2024/CVE-2024-31278-ac53736704839a7b467b7e9c5b3142ab.yaml +++ b/nuclei-templates/2024/CVE-2024-31278-ac53736704839a7b467b7e9c5b3142ab.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78fced7-8c8c-4e98-8f06-2eea845cfb26?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2024-31278 metadata: fofa-query: "wp-content/plugins/premium-addons-for-elementor/" diff --git a/nuclei-templates/2024/CVE-2024-3134-ccc578181c3390fec96e8e4c70e430a5.yaml b/nuclei-templates/2024/CVE-2024-3134-ccc578181c3390fec96e8e4c70e430a5.yaml index f7a96b544b..d34c100d9b 100644 --- a/nuclei-templates/2024/CVE-2024-3134-ccc578181c3390fec96e8e4c70e430a5.yaml +++ b/nuclei-templates/2024/CVE-2024-3134-ccc578181c3390fec96e8e4c70e430a5.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35702 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6106c972-5475-4c19-8630-3a01edc616ad?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-31382-544ee2d6dd344b2367e1c149674b2436.yaml b/nuclei-templates/2024/CVE-2024-31382-544ee2d6dd344b2367e1c149674b2436.yaml index 241e25b320..824c774e1c 100644 --- a/nuclei-templates/2024/CVE-2024-31382-544ee2d6dd344b2367e1c149674b2436.yaml +++ b/nuclei-templates/2024/CVE-2024-31382-544ee2d6dd344b2367e1c149674b2436.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Blocksy theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.22. This is due to missing or incorrect nonce validation on the wp_ajax_blocksy_notice_button_click ajax action. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Blocksy theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.22. This is due to missing or incorrect nonce validation on the wp_ajax_blocksy_notice_button_click ajax action. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-37469 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f86dd96-fc87-4dc8-8435-f279a8def021?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-31386-02df81e71dd4326e705a94ff7865d753.yaml b/nuclei-templates/2024/CVE-2024-31386-02df81e71dd4326e705a94ff7865d753.yaml new file mode 100644 index 0000000000..6451e893e3 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-31386-02df81e71dd4326e705a94ff7865d753.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-31386-02df81e71dd4326e705a94ff7865d753
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on variations of the dismiss() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-31386
+ metadata:
+ fofa-query: "wp-content/themes/namaha/"
+ google-query: inurl:"/wp-content/themes/namaha/"
+ shodan-query: 'vuln:CVE-2024-31386'
+ tags: cve,wordpress,wp-theme,namaha,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/namaha/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "namaha"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.0.41')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31386-0841fa2b6621d0582053f41f0ffa1577.yaml b/nuclei-templates/2024/CVE-2024-31386-0841fa2b6621d0582053f41f0ffa1577.yaml
new file mode 100644
index 0000000000..2ef5370b54
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-31386-0841fa2b6621d0582053f41f0ffa1577.yaml
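Review bot: The matchers in the new namaha template accept any 200 response whose body contains the word `namaha` and a `Version:` string, and with `redirects: true` the request can end on a page other than style.css, so a match is only a version fingerprint and can fire on unrelated content. Nothing in the template checks the nonce handling the description refers to, so a hit means "possibly affected version", not a confirmed issue. Anchoring the word matcher to the stylesheet header would cut false positives, e.g. `words: ["Theme Name:", "namaha"]` with `condition: and`. The same applies to the x-t9, lightning, emmet-lite and panoramic templates added for CVE-2024-31386 in this commit, where slugs such as `lightning` and `panoramic` are ordinary words.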
@@ -0,0 +1,59 @@
+id: CVE-2024-31386-0841fa2b6621d0582053f41f0ffa1577
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on variations of the dismiss() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-31386
+ metadata:
+ fofa-query: "wp-content/themes/x-t9/"
+ google-query: inurl:"/wp-content/themes/x-t9/"
+ shodan-query: 'vuln:CVE-2024-31386'
+ tags: cve,wordpress,wp-theme,x-t9,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/x-t9/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "x-t9"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.19.1')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31386-6acb3a1070bc093d43fcf7f4b2b07fa6.yaml b/nuclei-templates/2024/CVE-2024-31386-6acb3a1070bc093d43fcf7f4b2b07fa6.yaml
index 457db92015..b8c505be32 100644
--- a/nuclei-templates/2024/CVE-2024-31386-6acb3a1070bc093d43fcf7f4b2b07fa6.yaml
+++ b/nuclei-templates/2024/CVE-2024-31386-6acb3a1070bc093d43fcf7f4b2b07fa6.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-31386 metadata: - fofa-query: "wp-content/themes/i-max/" - google-query: inurl:"/wp-content/themes/i-max/" + fofa-query: "wp-content/themes/sensible-wp/" + google-query: inurl:"/wp-content/themes/sensible-wp/" shodan-query: 'vuln:CVE-2024-31386' - tags: cve,wordpress,wp-theme,i-max,medium + tags: cve,wordpress,wp-theme,sensible-wp,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/i-max/style.css" + - "{{BaseURL}}/wp-content/themes/sensible-wp/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "i-max" + - "sensible-wp" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.6.2') \ No newline at end of file + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-31386-8ca3adaffd137cba32c7ef46a7a51a50.yaml b/nuclei-templates/2024/CVE-2024-31386-8ca3adaffd137cba32c7ef46a7a51a50.yaml new file mode 100644 index 0000000000..749ff12c89 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-31386-8ca3adaffd137cba32c7ef46a7a51a50.yaml 
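Review bot: Retargeting this template from `i-max` to `sensible-wp` under the unchanged file name `CVE-2024-31386-6acb3a1070bc093d43fcf7f4b2b07fa6.yaml` removes the `i-max` `<= 1.6.2` check from this file, and nothing visible here shows it being re-added elsewhere. If no other template now carries that slug, scans stop reporting it without any signal, and earlier findings stored under this template name refer to a different theme than new ones. It is worth confirming that every replaced slug still has a template, or deriving the identifier from CVE plus slug so it stays stable, for example `id: CVE-2024-31386-sensible-wp` (a constructed example; the `id` line is outside these hunks). The CVE-2024-3276, CVE-2024-33685 (`intrace` to `zeever`) and CVE-2024-33686 (`althea-wp` to `pathway`) sections change slugs the same way.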
@@ -0,0 +1,59 @@
+id: CVE-2024-31386-8ca3adaffd137cba32c7ef46a7a51a50
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on variations of the dismiss() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-31386
+ metadata:
+ fofa-query: "wp-content/themes/lightning/"
+ google-query: inurl:"/wp-content/themes/lightning/"
+ shodan-query: 'vuln:CVE-2024-31386'
+ tags: cve,wordpress,wp-theme,lightning,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/lightning/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lightning"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 15.18.0')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31386-a09b7b0723717bc8e243498dd3db787a.yaml b/nuclei-templates/2024/CVE-2024-31386-a09b7b0723717bc8e243498dd3db787a.yaml
new file mode 100644
index 0000000000..3e14380ca7
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-31386-a09b7b0723717bc8e243498dd3db787a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-31386-a09b7b0723717bc8e243498dd3db787a
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on variations of the dismiss() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-31386
+ metadata:
+ fofa-query: "wp-content/themes/emmet-lite/"
+ google-query: inurl:"/wp-content/themes/emmet-lite/"
+ shodan-query: 'vuln:CVE-2024-31386'
+ tags: cve,wordpress,wp-theme,emmet-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/emmet-lite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "emmet-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.7.8')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-31386-f47aa5e5d779eead8b90f327b9c36f78.yaml b/nuclei-templates/2024/CVE-2024-31386-f47aa5e5d779eead8b90f327b9c36f78.yaml
new file mode 100644
index 0000000000..ba0c72cc12
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-31386-f47aa5e5d779eead8b90f327b9c36f78.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-31386-f47aa5e5d779eead8b90f327b9c36f78
+
+info:
+ name: >
+ Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on variations of the dismiss() function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-31386
+ metadata:
+ fofa-query: "wp-content/themes/panoramic/"
+ google-query: inurl:"/wp-content/themes/panoramic/"
+ shodan-query: 'vuln:CVE-2024-31386'
+ tags: cve,wordpress,wp-theme,panoramic,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/panoramic/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "panoramic"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 1.1.57')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-32565-d040c7b2094f9806329e62a9f61d2b2a.yaml b/nuclei-templates/2024/CVE-2024-32565-d040c7b2094f9806329e62a9f61d2b2a.yaml
index a6825bc1c7..78acf3170f 100644
--- a/nuclei-templates/2024/CVE-2024-32565-d040c7b2094f9806329e62a9f61d2b2a.yaml
+++ b/nuclei-templates/2024/CVE-2024-32565-d040c7b2094f9806329e62a9f61d2b2a.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/62c3f844-ed88-4a6c-a8c2-7b573096ec8b?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-32565 metadata: fofa-query: "wp-content/plugins/app-builder/" diff --git a/nuclei-templates/2024/CVE-2024-32702-071b620b5b6978d6a418db0d88963613.yaml b/nuclei-templates/2024/CVE-2024-32702-071b620b5b6978d6a418db0d88963613.yaml index 358087a5b9..183897c455 100644 --- a/nuclei-templates/2024/CVE-2024-32702-071b620b5b6978d6a418db0d88963613.yaml +++ b/nuclei-templates/2024/CVE-2024-32702-071b620b5b6978d6a418db0d88963613.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The ARforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The ARforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-0427 could be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce16175a-c58e-4432-80de-7872216ae273?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-3276-f8c67978917d3f351c8b319f987d8611.yaml b/nuclei-templates/2024/CVE-2024-3276-f8c67978917d3f351c8b319f987d8611.yaml index 3aba15d06b..7bc0c5256e 100644 --- a/nuclei-templates/2024/CVE-2024-3276-f8c67978917d3f351c8b319f987d8611.yaml +++ b/nuclei-templates/2024/CVE-2024-3276-f8c67978917d3f351c8b319f987d8611.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2024-3276 metadata: - fofa-query: "wp-content/plugins/foobox-image-lightbox-premium/" - google-query: inurl:"/wp-content/plugins/foobox-image-lightbox-premium/" + fofa-query: "wp-content/plugins/foobox-image-lightbox/" + google-query: inurl:"/wp-content/plugins/foobox-image-lightbox/" shodan-query: 'vuln:CVE-2024-3276' - tags: cve,wordpress,wp-plugin,foobox-image-lightbox-premium,low + tags: cve,wordpress,wp-plugin,foobox-image-lightbox,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/foobox-image-lightbox-premium/readme.txt" + - "{{BaseURL}}/wp-content/plugins/foobox-image-lightbox/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "foobox-image-lightbox-premium" + - "foobox-image-lightbox" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-33685-09770bdc6a7bb713f57eb3239d79aed1.yaml b/nuclei-templates/2024/CVE-2024-33685-09770bdc6a7bb713f57eb3239d79aed1.yaml index 2eec0a90ee..66a258d57a 100644 --- a/nuclei-templates/2024/CVE-2024-33685-09770bdc6a7bb713f57eb3239d79aed1.yaml +++ b/nuclei-templates/2024/CVE-2024-33685-09770bdc6a7bb713f57eb3239d79aed1.yaml 
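Review bot: The `tags` line in the first CVE-2024-3276 hunk still ends in `low` while the classification context just above it gives `cvss-score: 4.4`, which is Medium on the CVSS v3.1 scale (4.0–6.9). Scans filtered by that tag will leave this finding out of medium-severity reports, and the CVE-2024-31386 templates in this commit already pair 4.3 with `medium`. If the score is authoritative the line would read `tags: cve,wordpress,wp-plugin,foobox-image-lightbox,medium`, with the `severity` field (outside this hunk) adjusted to match. The CVE-2024-33685 and CVE-2024-33686 templates pair 4.3 with `low` in the same way.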
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-33685 metadata: - fofa-query: "wp-content/themes/intrace/" - google-query: inurl:"/wp-content/themes/intrace/" + fofa-query: "wp-content/themes/zeever/" + google-query: inurl:"/wp-content/themes/zeever/" shodan-query: 'vuln:CVE-2024-33685' - tags: cve,wordpress,wp-theme,intrace,low + tags: cve,wordpress,wp-theme,zeever,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/intrace/style.css" + - "{{BaseURL}}/wp-content/themes/zeever/style.css" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "intrace" + - "zeever" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-33685-3ad31a4562c3484f14939801798fd412.yaml b/nuclei-templates/2024/CVE-2024-33685-3ad31a4562c3484f14939801798fd412.yaml new file mode 100644 index 0000000000..dac06a793d --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-33685-3ad31a4562c3484f14939801798fd412.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-33685-3ad31a4562c3484f14939801798fd412
+
+info:
+ name: >
+ Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal
+ author: topscoder
+ severity: low
+ description: >
+ Multiple theme for WordPress by jegstudio are vulnerable to unauthorized modification of data due to a missing capability check on the notice_closed() function in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notifications.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-33685
+ metadata:
+ fofa-query: "wp-content/themes/accountra/"
+ google-query: inurl:"/wp-content/themes/accountra/"
+ shodan-query: 'vuln:CVE-2024-33685'
+ tags: cve,wordpress,wp-theme,accountra,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/accountra/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accountra"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33685-5e2d34c505faaeb3a6d2276e5f3fc457.yaml b/nuclei-templates/2024/CVE-2024-33685-5e2d34c505faaeb3a6d2276e5f3fc457.yaml
new file mode 100644
index 0000000000..1b7c0abfe6
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-33685-5e2d34c505faaeb3a6d2276e5f3fc457.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-33685-5e2d34c505faaeb3a6d2276e5f3fc457
+
+info:
+ name: >
+ Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal
+ author: topscoder
+ severity: low
+ description: >
+ Multiple theme for WordPress by jegstudio are vulnerable to unauthorized modification of data due to a missing capability check on the notice_closed() function in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notifications.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-33685
+ metadata:
+ fofa-query: "wp-content/themes/photology/"
+ google-query: inurl:"/wp-content/themes/photology/"
+ shodan-query: 'vuln:CVE-2024-33685'
+ tags: cve,wordpress,wp-theme,photology,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/photology/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "photology"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33686-059578dd72f10567a7b015d12eed7de6.yaml b/nuclei-templates/2024/CVE-2024-33686-059578dd72f10567a7b015d12eed7de6.yaml
new file mode 100644
index 0000000000..934fc1f54f
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-33686-059578dd72f10567a7b015d12eed7de6.yaml
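Review bot: The description in the new photology template says the issue affects versions up to and including 1.0.3, but its DSL matcher flags `<= 1.1.3`, so the finding text tells a triager that 1.1.x is unaffected while the template reports it. The text is shared with the accountra template, where 1.0.3 does agree with the matcher. Wording as in the CVE-2024-31386 templates avoids the conflict: replace `in versions up to, and including, 1.0.3` with `in various versions`.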
@@ -0,0 +1,59 @@
+id: CVE-2024-33686-059578dd72f10567a7b015d12eed7de6
+
+info:
+ name: >
+ ColibriWP Theme framework <= (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The ColibriWP Theme framework used by multiple themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_plugin' AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. CVE-2024-33688 and CVE-2024-2904 should be a part of this CVE.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-33686
+ metadata:
+ fofa-query: "wp-content/themes/vertice/"
+ google-query: inurl:"/wp-content/themes/vertice/"
+ shodan-query: 'vuln:CVE-2024-33686'
+ tags: cve,wordpress,wp-theme,vertice,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/vertice/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vertice"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33686-311e525690d4c6a33821c82e315023c5.yaml b/nuclei-templates/2024/CVE-2024-33686-311e525690d4c6a33821c82e315023c5.yaml
new file mode 100644
index 0000000000..8e45627445
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-33686-311e525690d4c6a33821c82e315023c5.yaml
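Review bot: `cvss-metrics` in the new vertice template uses `PR:N/UI:R`, which contradicts the description's "authenticated attackers, with subscriber-level access and above"; that wording reads as low privileges required and no user interaction. The CVE-2024-33685 templates in this commit, also missing-authorization issues, use `PR:L/UI:N` for the same 4.3 score. If the description is the accurate one, the line would be `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N`; otherwise the upstream record should be checked before the vector is used for prioritisation. The brite template added for the same CVE carries the same vector.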
@@ -0,0 +1,59 @@
+id: CVE-2024-33686-311e525690d4c6a33821c82e315023c5
+
+info:
+ name: >
+ ColibriWP Theme framework <= (Various Versions) - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The ColibriWP Theme framework used by multiple themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_plugin' AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins. CVE-2024-33688 and CVE-2024-2904 should be a part of this CVE.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-33686
+ metadata:
+ fofa-query: "wp-content/themes/brite/"
+ google-query: inurl:"/wp-content/themes/brite/"
+ shodan-query: 'vuln:CVE-2024-33686'
+ tags: cve,wordpress,wp-theme,brite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/brite/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "brite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.11')
\ No newline at end of file
diff --git a/nuclei-templates/2024/CVE-2024-33686-5b6d2fdedfb55d84790926445e317f81.yaml b/nuclei-templates/2024/CVE-2024-33686-5b6d2fdedfb55d84790926445e317f81.yaml
index 57180553e7..6340cc0aa3 100644
--- a/nuclei-templates/2024/CVE-2024-33686-5b6d2fdedfb55d84790926445e317f81.yaml
+++ b/nuclei-templates/2024/CVE-2024-33686-5b6d2fdedfb55d84790926445e317f81.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-33686 metadata: - fofa-query: "wp-content/themes/althea-wp/" - google-query: inurl:"/wp-content/themes/althea-wp/" + fofa-query: "wp-content/themes/pathway/" + google-query: inurl:"/wp-content/themes/pathway/" shodan-query: 'vuln:CVE-2024-33686' - tags: cve,wordpress,wp-theme,althea-wp,low + tags: cve,wordpress,wp-theme,pathway,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/althea-wp/style.css" + - "{{BaseURL}}/wp-content/themes/pathway/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "althea-wp" + - "pathway" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.13') \ No newline at end of file + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-33692-207993bb108ea25a62c348e86252964a.yaml b/nuclei-templates/2024/CVE-2024-33692-207993bb108ea25a62c348e86252964a.yaml index 983ca7f08c..b2480a9001 100644 --- a/nuclei-templates/2024/CVE-2024-33692-207993bb108ea25a62c348e86252964a.yaml +++ b/nuclei-templates/2024/CVE-2024-33692-207993bb108ea25a62c348e86252964a.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-33692-207993bb108ea25a62c348e86252964a info: name: > - Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + Smart Recent Posts Widget <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Smart Recent Posts Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f40e7f8a-8bca-4a87-887c-8e11b1da46a1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.3') \ No newline at end of file + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-33908-c35c059c9f37f8cc3e0834cc507d936d.yaml b/nuclei-templates/2024/CVE-2024-33908-c35c059c9f37f8cc3e0834cc507d936d.yaml index e9abe88b19..ddc7993e1a 100644 --- a/nuclei-templates/2024/CVE-2024-33908-c35c059c9f37f8cc3e0834cc507d936d.yaml 
+++ b/nuclei-templates/2024/CVE-2024-33908-c35c059c9f37f8cc3e0834cc507d936d.yaml @@ -2,11 +2,11 @@ id: CVE-2024-33908-c35c059c9f37f8cc3e0834cc507d936d info: name: > - WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal + WidgetKit <= 2.5.1 - Missing Authorization to Notice Dismissal author: topscoder severity: high description: > - The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wk_td_ads_dismiss_notice() function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices. + The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wk_td_ads_dismiss_notice() function in versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to dismiss notices. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e809cd39-7bb0-475f-a2ae-c7bc4bdba63c?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.4.8') \ No newline at end of file + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-33940-effbf7904328156bdf22f9099feb678c.yaml b/nuclei-templates/2024/CVE-2024-33940-effbf7904328156bdf22f9099feb678c.yaml index 5204e2a6c5..cb01a9e629 100644 --- a/nuclei-templates/2024/CVE-2024-33940-effbf7904328156bdf22f9099feb678c.yaml +++ b/nuclei-templates/2024/CVE-2024-33940-effbf7904328156bdf22f9099feb678c.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-4752 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a044983-1ec7-464b-aa5d-d479be45bb1a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-34390-abb6d539404583169f162382aa569f62.yaml b/nuclei-templates/2024/CVE-2024-34390-abb6d539404583169f162382aa569f62.yaml index c688a4ccfc..6af2995f43 100644 --- a/nuclei-templates/2024/CVE-2024-34390-abb6d539404583169f162382aa569f62.yaml +++ b/nuclei-templates/2024/CVE-2024-34390-abb6d539404583169f162382aa569f62.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-34390-abb6d539404583169f162382aa569f62 info: name: > - Post Grid Master <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebc0e28-ced8-4fb0-818d-1452faf9660d?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.4.8') \ No newline at end of file + - compare_versions(version, '<= 3.4.12') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-34421-a7ad42b41916e5138936eb5e85dfcad7.yaml b/nuclei-templates/2024/CVE-2024-34421-a7ad42b41916e5138936eb5e85dfcad7.yaml index b7e2ce4f4b..013f074f21 100644 
--- a/nuclei-templates/2024/CVE-2024-34421-a7ad42b41916e5138936eb5e85dfcad7.yaml +++ b/nuclei-templates/2024/CVE-2024-34421-a7ad42b41916e5138936eb5e85dfcad7.yaml @@ -2,11 +2,11 @@ id: CVE-2024-34421-a7ad42b41916e5138936eb5e85dfcad7 info: name: > - BlogLentor <= <=1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + BlogLentor <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1012f06d-2306-44bc-9235-528c1632be16?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.8') \ No newline at end of file + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-34546-6d8a44cbfa6641422ccc29befddcb10f.yaml b/nuclei-templates/2024/CVE-2024-34546-6d8a44cbfa6641422ccc29befddcb10f.yaml index 2ab18f375b..e94a2d4430 100644 --- a/nuclei-templates/2024/CVE-2024-34546-6d8a44cbfa6641422ccc29befddcb10f.yaml +++ b/nuclei-templates/2024/CVE-2024-34546-6d8a44cbfa6641422ccc29befddcb10f.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-34546-6d8a44cbfa6641422ccc29befddcb10f info: name: > - Sticky Social Link <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + Sticky Social Link <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Sticky Social Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Sticky Social Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/50affe4f-d27e-4ead-a14b-abf792d5f0f0?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.0') \ No newline at end of file + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-34800-d78aea63f25ecbe42a1e3c1f83c34fae.yaml b/nuclei-templates/2024/CVE-2024-34800-d78aea63f25ecbe42a1e3c1f83c34fae.yaml index a73ac7190c..b6447e3355 100644 --- a/nuclei-templates/2024/CVE-2024-34800-d78aea63f25ecbe42a1e3c1f83c34fae.yaml 
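Review bot: The `compare_versions(version, '<= 2.0.0')` matcher in the `@@ -56,4` hunk of CVE-2024-34546 reports on the installed version alone, while the description in the first hunk limits the issue to administrator accounts on multi-site installs or sites where `unfiltered_html` is disabled. A hit therefore means "affected version present", not "exploitable on this site", and whoever triages the finding should be told so in the template; I would add `# version-only match: does not verify the multi-site / unfiltered_html precondition` above the `dsl` matcher. The matcher hunks of CVE-2024-35645, CVE-2024-35646 and CVE-2024-3637 further down have the same gap. The extractor and the matcher condition sit outside these hunks, so this assumes nothing else narrows the result.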
+++ b/nuclei-templates/2024/CVE-2024-34800-d78aea63f25ecbe42a1e3c1f83c34fae.yaml @@ -2,11 +2,11 @@ id: CVE-2024-34800-d78aea63f25ecbe42a1e3c1f83c34fae info: name: > - Crafthemes Demo Import <= 3.1 - Missing Authorization to Arbitrary Plugin Installation + Crafthemes Demo Import <= 3.3 - Missing Authorization to Arbitrary Plugin Installation author: topscoder severity: low description: > - The Crafthemes Demo Import plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the ct_ctdi_install_plugin() function in versions up to, and including, 3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain more serious vulnerabilities and be used to elevate access. + The Crafthemes Demo Import plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the ct_ctdi_install_plugin() function in versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain more serious vulnerabilities and be used to elevate access. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ef8024c-d5e5-4921-a161-01507cb4f2bd?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.1') \ No newline at end of file + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-34802-923f0efedfdc14fa2ca10e721f71a0bf.yaml b/nuclei-templates/2024/CVE-2024-34802-923f0efedfdc14fa2ca10e721f71a0bf.yaml index ce8316eb90..aaceaf4f0b 100644 --- a/nuclei-templates/2024/CVE-2024-34802-923f0efedfdc14fa2ca10e721f71a0bf.yaml +++ b/nuclei-templates/2024/CVE-2024-34802-923f0efedfdc14fa2ca10e721f71a0bf.yaml 
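Review bot: `severity: low` in the context lines of the first CVE-2024-34800 hunk does not fit the description rewritten directly below it, which lets a subscriber-level account install arbitrary plugins and elevate access. Anyone running these templates with a severity filter would drop the finding. Whatever rule produced the value, the field should follow the `cvss-score` in the `classification` block (outside this hunk), i.e. `severity: <rating matching cvss-score>`. The description-only hunks for CVE-2024-3500 (file inclusion leading to code execution) and CVE-2024-3592 (SQL injection) carry the same `severity: low` and deserve the same check.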
@@ -2,11 +2,11 @@ id: CVE-2024-34802-923f0efedfdc14fa2ca10e721f71a0bf info: name: > - AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization + AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization to Unauthenticated Ad Status Update author: topscoder severity: high description: > - The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. + The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adfoxly_ad_status() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to enable and disable ads. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f64cbff-96a2-45e6-b37a-a7d4702fdf09?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-34806-40fde82d1139f989e39d48eddd554635.yaml b/nuclei-templates/2024/CVE-2024-34806-40fde82d1139f989e39d48eddd554635.yaml index 03fce649ee..2d699082f0 100644 --- a/nuclei-templates/2024/CVE-2024-34806-40fde82d1139f989e39d48eddd554635.yaml +++ b/nuclei-templates/2024/CVE-2024-34806-40fde82d1139f989e39d48eddd554635.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-34806-40fde82d1139f989e39d48eddd554635 info: name: > - Clearfy Cache <= 2.2.1 - Cross-Site Request Forgery + Clearfy Cache <= 2.3.0 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d28cb4-3cbd-4baf-968a-a3d37693306f?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.2.1') \ No newline at end of file + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-3500-fe90c24fc5d19679106a5e36b2c71918.yaml b/nuclei-templates/2024/CVE-2024-3500-fe90c24fc5d19679106a5e36b2c71918.yaml index 0d785243ad..7d2f7caa81 100644 --- a/nuclei-templates/2024/CVE-2024-3500-fe90c24fc5d19679106a5e36b2c71918.yaml +++ b/nuclei-templates/2024/CVE-2024-3500-fe90c24fc5d19679106a5e36b2c71918.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. CVE-2024-43996 is potentially a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8ae0a47-cba5-468e-8d25-7b7176373b9c?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3513-3758cd9d8b6406b69f60ab42c2ea31ac.yaml b/nuclei-templates/2024/CVE-2024-3513-3758cd9d8b6406b69f60ab42c2ea31ac.yaml index d43419d840..33b6df3a25 100644 --- a/nuclei-templates/2024/CVE-2024-3513-3758cd9d8b6406b69f60ab42c2ea31ac.yaml +++ b/nuclei-templates/2024/CVE-2024-3513-3758cd9d8b6406b69f60ab42c2ea31ac.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag (postTitleTag) parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-6362 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/428b4d6b-a4db-4e60-8c15-24efdfe6aea1?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3563-cefe0475884de4ae46c693fabf84993d.yaml b/nuclei-templates/2024/CVE-2024-3563-cefe0475884de4ae46c693fabf84993d.yaml index 9297214206..363c3c359f 100644 --- a/nuclei-templates/2024/CVE-2024-3563-cefe0475884de4ae46c693fabf84993d.yaml +++ b/nuclei-templates/2024/CVE-2024-3563-cefe0475884de4ae46c693fabf84993d.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-3901 is a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-35645-6d9f2abaefdeb748beec8783a79c496c.yaml b/nuclei-templates/2024/CVE-2024-35645-6d9f2abaefdeb748beec8783a79c496c.yaml index 21d98e9162..1aea113254 100644 --- a/nuclei-templates/2024/CVE-2024-35645-6d9f2abaefdeb748beec8783a79c496c.yaml +++ b/nuclei-templates/2024/CVE-2024-35645-6d9f2abaefdeb748beec8783a79c496c.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-35645-6d9f2abaefdeb748beec8783a79c496c info: name: > - Random Banner <= 4.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting + Random Banner <= 4.2.9 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Random Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Random Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6435fc6b-a5dc-4de3-9c53-5d1bfe8cfd88?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.2.8') \ No newline at end of file + - compare_versions(version, '<= 4.2.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-35646-94b3cfd8d487d2adfc0cb31c4eac7500.yaml b/nuclei-templates/2024/CVE-2024-35646-94b3cfd8d487d2adfc0cb31c4eac7500.yaml index 2db4f545cd..e4f26f9f32 100644 --- a/nuclei-templates/2024/CVE-2024-35646-94b3cfd8d487d2adfc0cb31c4eac7500.yaml 
+++ b/nuclei-templates/2024/CVE-2024-35646-94b3cfd8d487d2adfc0cb31c4eac7500.yaml @@ -2,11 +2,11 @@ id: CVE-2024-35646-94b3cfd8d487d2adfc0cb31c4eac7500 info: name: > - Smartarget Message Bar <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + Smartarget Message Bar <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Smartarget Message Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Smartarget Message Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/97cb7216-fe65-46db-9ab2-62d409f056cd?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3') \ No newline at end of file + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-35682-7d2f375e23ecce6265c3fd11ed849f65.yaml b/nuclei-templates/2024/CVE-2024-35682-7d2f375e23ecce6265c3fd11ed849f65.yaml index 8d74f78d41..7995c2e394 100644 
--- a/nuclei-templates/2024/CVE-2024-35682-7d2f375e23ecce6265c3fd11ed849f65.yaml +++ b/nuclei-templates/2024/CVE-2024-35682-7d2f375e23ecce6265c3fd11ed849f65.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec9de0f-5af7-4664-b8ef-72a51b1661d7?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2024-35682 metadata: fofa-query: "wp-content/plugins/otter-pro/" diff --git a/nuclei-templates/2024/CVE-2024-35686-066bbeb0b2014910a3f0b18c9c9026c1.yaml b/nuclei-templates/2024/CVE-2024-35686-066bbeb0b2014910a3f0b18c9c9026c1.yaml index 1193743e2e..6e7c63dcbb 100644 --- a/nuclei-templates/2024/CVE-2024-35686-066bbeb0b2014910a3f0b18c9c9026c1.yaml +++ b/nuclei-templates/2024/CVE-2024-35686-066bbeb0b2014910a3f0b18c9c9026c1.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.3 cve-id: CVE-2024-35686 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-34765-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-34765-1/" + fofa-query: "wp-content/plugins/woothemes-sensei/" + google-query: inurl:"/wp-content/plugins/woothemes-sensei/" shodan-query: 'vuln:CVE-2024-35686' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-34765-1,high + tags: cve,wordpress,wp-plugin,woothemes-sensei,high http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2024-34765-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/woothemes-sensei/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2024-34765-1" + - "woothemes-sensei" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-35769-f82dc7eccca54732b79253717fa94d1e.yaml b/nuclei-templates/2024/CVE-2024-35769-f82dc7eccca54732b79253717fa94d1e.yaml index 52861332ce..02d1be763b 100644 
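Review bot: The added `tags:` line in the first CVE-2024-35686 hunk ends in `high`, but the `cvss-score: 5.3` in the same hunk's context is Medium on the CVSS v3.x scale (4.0–6.9). Tag-based and score-based filtering would then disagree about this template; I would write `tags: cve,wordpress,wp-plugin,woothemes-sensei,medium` and bring the `severity:` field, which is outside the hunk, in line with it. The first CVE-2024-3636 hunk has the mismatch in the other direction: `cvss-score: 4.4` is also Medium, yet the new tag line ends in `low`.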
--- a/nuclei-templates/2024/CVE-2024-35769-f82dc7eccca54732b79253717fa94d1e.yaml +++ b/nuclei-templates/2024/CVE-2024-35769-f82dc7eccca54732b79253717fa94d1e.yaml @@ -2,11 +2,11 @@ id: CVE-2024-35769-f82dc7eccca54732b79253717fa94d1e info: name: > - Slideshow SE <= 2.5.17 - Authenticated (Author+) Stored Cross-Site Scripting + Slideshow SE <= 2.5.20 - Authenticated (Author+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/95c262b6-4f63-4f81-bc73-b2b3fa586a21?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.5.17') \ No newline at end of file + - compare_versions(version, '<= 2.5.20') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-3591-911f604ca0084198acb61b8b2fb7c2ae.yaml b/nuclei-templates/2024/CVE-2024-3591-911f604ca0084198acb61b8b2fb7c2ae.yaml index 8f23579473..b6ad785c4f 100644 --- a/nuclei-templates/2024/CVE-2024-3591-911f604ca0084198acb61b8b2fb7c2ae.yaml +++ b/nuclei-templates/2024/CVE-2024-3591-911f604ca0084198acb61b8b2fb7c2ae.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Geo Controller plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.6.4 via deserialization of untrusted input supplied via the '/cache/shortcode' REST API route. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The Geo Controller plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.6.4 via deserialization of untrusted input supplied via the '/cache/shortcode' REST API route. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. CVE-2024-30227 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f00bbab-ef84-42cf-baa7-23c434416981?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3592-db8d56b4ffd71be1964e8f686279beb9.yaml b/nuclei-templates/2024/CVE-2024-3592-db8d56b4ffd71be1964e8f686279beb9.yaml index 91a8d05264..1dc3976304 100644 --- a/nuclei-templates/2024/CVE-2024-3592-db8d56b4ffd71be1964e8f686279beb9.yaml +++ b/nuclei-templates/2024/CVE-2024-3592-db8d56b4ffd71be1964e8f686279beb9.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-5606 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc085413-db43-43e3-9b60-aeb341eed4e1?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-3636-7f9d213a2507037ac088b7efb86a4059.yaml b/nuclei-templates/2024/CVE-2024-3636-7f9d213a2507037ac088b7efb86a4059.yaml index cbba29ab77..ed0eabdfe0 100644 --- a/nuclei-templates/2024/CVE-2024-3636-7f9d213a2507037ac088b7efb86a4059.yaml +++ b/nuclei-templates/2024/CVE-2024-3636-7f9d213a2507037ac088b7efb86a4059.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2024-3636 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-25062-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-25062-1/" + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" shodan-query: 'vuln:CVE-2024-3636' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-25062-1,low + tags: cve,wordpress,wp-plugin,booking-system,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-25062-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-25062-1" + - "booking-system" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-3637-00630e7f63285d0deee6771e11c16dbe.yaml b/nuclei-templates/2024/CVE-2024-3637-00630e7f63285d0deee6771e11c16dbe.yaml index e9f1a0a4d0..e34b070659 100644 --- a/nuclei-templates/2024/CVE-2024-3637-00630e7f63285d0deee6771e11c16dbe.yaml +++ b/nuclei-templates/2024/CVE-2024-3637-00630e7f63285d0deee6771e11c16dbe.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-3637-00630e7f63285d0deee6771e11c16dbe info: name: > - Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Authenticated (Admin+) Stored Cross-Site Scripting + Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f5a49a-117a-473c-8853-ed292eece620?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.8.9') \ No newline at end of file + - compare_versions(version, '<= 1.9.7') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-3679-027fedcab741a41badcd943e1f2670dd.yaml b/nuclei-templates/2024/CVE-2024-3679-027fedcab741a41badcd943e1f2670dd.yaml index 5395efa449..bc0cee167e 100644 --- a/nuclei-templates/2024/CVE-2024-3679-027fedcab741a41badcd943e1f2670dd.yaml +++ b/nuclei-templates/2024/CVE-2024-3679-027fedcab741a41badcd943e1f2670dd.yaml @@ -2,11 +2,11 @@ id: CVE-2024-3679-027fedcab741a41badcd943e1f2670dd info: name: > - Premium SEO Pack – WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure + Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure author: topscoder severity: medium description: > - The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data. + The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.002. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.6.001') \ No newline at end of file + - compare_versions(version, '<= 1.6.002') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-37114-fae110e6288001fa0ce61873ff291f6d.yaml b/nuclei-templates/2024/CVE-2024-37114-fae110e6288001fa0ce61873ff291f6d.yaml index fc4291953e..30556420ab 100644 --- a/nuclei-templates/2024/CVE-2024-37114-fae110e6288001fa0ce61873ff291f6d.yaml +++ b/nuclei-templates/2024/CVE-2024-37114-fae110e6288001fa0ce61873ff291f6d.yaml 
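Review bot: The new bound `'<= 1.6.002'` in the `@@ -56,4` hunk of CVE-2024-3679 uses a zero-padded segment, and a comparator that parses segments as integers would read it as `1.6.2`. That is harmless if the plugin always pads its versions, but if a readme ever reports an unpadded value such as `1.6.1` the ordering may not be what the vendor's numbering intends. I would add `# vendor versions are zero-padded (1.6.001, 1.6.002); compared numerically` above the matcher and test the extractor, which is outside the hunk, against a real readme.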
@@ -2,11 +2,11 @@ id: CVE-2024-37114-fae110e6288001fa0ce61873ff291f6d info: name: > - My Favorites <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + My Favorites <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The My Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The My Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/77ff128b-952b-43a3-a57a-f274491ac022?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.4.1') \ No newline at end of file + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-3718-b304d48316a35ddb4b7ec3f266736dad.yaml b/nuclei-templates/2024/CVE-2024-3718-b304d48316a35ddb4b7ec3f266736dad.yaml index e46228fea3..df11a422bc 100644 --- a/nuclei-templates/2024/CVE-2024-3718-b304d48316a35ddb4b7ec3f266736dad.yaml +++ b/nuclei-templates/2024/CVE-2024-3718-b304d48316a35ddb4b7ec3f266736dad.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35709 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b73402b-444c-47ad-9c05-7be6e6440123?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-37202-5240bcaebbb94e1d72c8bbf7401c0b00.yaml b/nuclei-templates/2024/CVE-2024-37202-5240bcaebbb94e1d72c8bbf7401c0b00.yaml index 118a69fb18..27283f9340 100644 --- a/nuclei-templates/2024/CVE-2024-37202-5240bcaebbb94e1d72c8bbf7401c0b00.yaml +++ b/nuclei-templates/2024/CVE-2024-37202-5240bcaebbb94e1d72c8bbf7401c0b00.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-37202-5240bcaebbb94e1d72c8bbf7401c0b00 info: name: > - Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter <= 1.222.16 - Missing Authorization + Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter <= 1.222.17 - Missing Authorization author: topscoder severity: low description: > - The Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.222.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. + The Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.222.17. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/46030034-9731-4b6d-a3c9-c2dd9a206c46?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.222.16') \ No newline at end of file + - compare_versions(version, '<= 1.222.17') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-3752-a584a4abc971b7d8780694781afe910d.yaml b/nuclei-templates/2024/CVE-2024-3752-a584a4abc971b7d8780694781afe910d.yaml index 8e2c64f803..e517676b51 100644 --- a/nuclei-templates/2024/CVE-2024-3752-a584a4abc971b7d8780694781afe910d.yaml +++ b/nuclei-templates/2024/CVE-2024-3752-a584a4abc971b7d8780694781afe910d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-3752-a584a4abc971b7d8780694781afe910d info: name: > - Crelly Slider <= 1.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting + Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Crelly Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Crelly Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a885e5db-dc84-46db-960e-63f62709e1b1?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-37946-0e5e138be57a4e5362b4c2fb0e303c60.yaml b/nuclei-templates/2024/CVE-2024-37946-0e5e138be57a4e5362b4c2fb0e303c60.yaml index b59a09f951..da99459612 100644 --- a/nuclei-templates/2024/CVE-2024-37946-0e5e138be57a4e5362b4c2fb0e303c60.yaml +++ b/nuclei-templates/2024/CVE-2024-37946-0e5e138be57a4e5362b4c2fb0e303c60.yaml 
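Review bot: The Crelly Slider template (CVE-2024-3752) raises the affected range to 1.4.6 in `name` and `description` only; unlike the neighbouring version bumps in this commit, its diff has no second hunk touching the `compare_versions` DSL matcher near the end of the file. That matcher lies outside this hunk, so its current value cannot be seen here. If it still reads `<= 1.4.5`, a site running 1.4.6 will be reported as not affected even though the text says it is. The matcher should be brought in line with the text: `- compare_versions(version, '<= 1.4.6')`.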
@@ -2,11 +2,11 @@ id: CVE-2024-37946-0e5e138be57a4e5362b4c2fb0e303c60 info: name: > - ReCaptcha Integration for WordPress <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + ReCaptcha Integration for WordPress <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a469a2cb-1011-4d47-95d2-0b895f24ae8f?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2.5') \ No newline at end of file + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-38682-7974c07ac024ae5a3029122b5a9fa0b3.yaml b/nuclei-templates/2024/CVE-2024-38682-7974c07ac024ae5a3029122b5a9fa0b3.yaml index 2f6c8764af..e2a82c7610 100644 --- a/nuclei-templates/2024/CVE-2024-38682-7974c07ac024ae5a3029122b5a9fa0b3.yaml 
+++ b/nuclei-templates/2024/CVE-2024-38682-7974c07ac024ae5a3029122b5a9fa0b3.yaml @@ -2,11 +2,11 @@ id: CVE-2024-38682-7974c07ac024ae5a3029122b5a9fa0b3 info: name: > - Post Layouts for Gutenberg <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + Post Layouts for Gutenberg <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Post Layouts for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Post Layouts for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/bada73df-8dfb-4f88-a623-cf98173b25c8?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2.7') \ No newline at end of file + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-38765-d9a63cbc79b2a41606c3098eb3ada7a4.yaml b/nuclei-templates/2024/CVE-2024-38765-d9a63cbc79b2a41606c3098eb3ada7a4.yaml index 453cd48d03..79cbe1b162 100644 --- a/nuclei-templates/2024/CVE-2024-38765-d9a63cbc79b2a41606c3098eb3ada7a4.yaml +++ b/nuclei-templates/2024/CVE-2024-38765-d9a63cbc79b2a41606c3098eb3ada7a4.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-38765-d9a63cbc79b2a41606c3098eb3ada7a4 info: name: > - Oceanic <= 1.0.48 - Cross-Site Request Forgery + Oceanic <= 1.0.53 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Oceanic theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.48. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Oceanic theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.53. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5678794d-244f-45d1-9049-fea01ba45989?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.48') \ No newline at end of file + - compare_versions(version, '<= 1.0.53') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-38786-849aa3fab7162a1ef62be724135b3280.yaml b/nuclei-templates/2024/CVE-2024-38786-849aa3fab7162a1ef62be724135b3280.yaml index 13dddae9cb..24ca268399 100644 --- a/nuclei-templates/2024/CVE-2024-38786-849aa3fab7162a1ef62be724135b3280.yaml +++ b/nuclei-templates/2024/CVE-2024-38786-849aa3fab7162a1ef62be724135b3280.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-38786-849aa3fab7162a1ef62be724135b3280 info: name: > - CoziPress <= 1.0.30 - Authenticated (Contributor+) Stored Cross-Site Scripting + CoziPress <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The CoziPress theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The CoziPress theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a807658d-cdfc-48cc-8dfe-1dd2773fcbcf?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.30') \ No newline at end of file + - compare_versions(version, '<= 1.0.32') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-3893-62dee86dfa8b2ac0c61db54fa3f621bf.yaml b/nuclei-templates/2024/CVE-2024-3893-62dee86dfa8b2ac0c61db54fa3f621bf.yaml index a5423d6e45..9d2cff4bd6 100644 --- a/nuclei-templates/2024/CVE-2024-3893-62dee86dfa8b2ac0c61db54fa3f621bf.yaml +++ b/nuclei-templates/2024/CVE-2024-3893-62dee86dfa8b2ac0c61db54fa3f621bf.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7113b1c-78dc-4648-b14a-52ff6668fd1d?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2024-3893 metadata: fofa-query: "wp-content/plugins/classified-listing/" diff --git a/nuclei-templates/2024/CVE-2024-3916-e807d966b2614d6f3ab846d3efe83700.yaml b/nuclei-templates/2024/CVE-2024-3916-e807d966b2614d6f3ab846d3efe83700.yaml index a9e0ea9335..b3e676c61f 100644 --- a/nuclei-templates/2024/CVE-2024-3916-e807d966b2614d6f3ab846d3efe83700.yaml +++ b/nuclei-templates/2024/CVE-2024-3916-e807d966b2614d6f3ab846d3efe83700.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/57103f8e-0874-4e56-8571-254607ada21c?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-3916 metadata: fofa-query: "wp-content/plugins/swift-framework/" diff --git a/nuclei-templates/2024/CVE-2024-39678-70f27dc1298f6ae4ac79bb3c3bf23903.yaml b/nuclei-templates/2024/CVE-2024-39678-70f27dc1298f6ae4ac79bb3c3bf23903.yaml index 0d6373f76e..a14405b640 100644 --- a/nuclei-templates/2024/CVE-2024-39678-70f27dc1298f6ae4ac79bb3c3bf23903.yaml +++ b/nuclei-templates/2024/CVE-2024-39678-70f27dc1298f6ae4ac79bb3c3bf23903.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-39678-70f27dc1298f6ae4ac79bb3c3bf23903 info: name: > - Cooked Pro <= 1.7.15.4 - Cross-Site Request Forgery + Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery via cooked_get_recipe_ids author: topscoder severity: medium description: > - The Cooked Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_get_recipe_ids AJAX action. This makes it possible for unauthenticated attackers to trigger a recipe get request via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This has no real impact. + The Cooked – Recipe Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_get_recipe_ids AJAX action. This makes it possible for unauthenticated attackers to trigger a recipe get request via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This has no real impact. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/73c6522a-cb95-4037-92e9-3dca0f52f538?source=api-prod @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-39678 metadata: - fofa-query: "wp-content/plugins/cooked-pro/" - google-query: inurl:"/wp-content/plugins/cooked-pro/" + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" shodan-query: 'vuln:CVE-2024-39678' - tags: cve,wordpress,wp-plugin,cooked-pro,medium + tags: cve,wordpress,wp-plugin,cooked,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "cooked-pro" + - "cooked" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-39679-6fabfae73a32c0fc959b0130d437a1ce.yaml b/nuclei-templates/2024/CVE-2024-39679-6fabfae73a32c0fc959b0130d437a1ce.yaml index fa3dd6fdfb..3b99afdd14 100644 --- a/nuclei-templates/2024/CVE-2024-39679-6fabfae73a32c0fc959b0130d437a1ce.yaml +++ b/nuclei-templates/2024/CVE-2024-39679-6fabfae73a32c0fc959b0130d437a1ce.yaml @@ -2,11 +2,11 @@ id: CVE-2024-39679-6fabfae73a32c0fc959b0130d437a1ce info: name: > - Cooked Pro <= 1.7.15.4 - Cross-Site Request Forgery to Template Reset + Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Reset author: topscoder severity: medium description: > - The Cooked Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_load_default AJAX action. This makes it possible for unauthenticated attackers to reset templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Cooked – Recipe Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_load_default AJAX action. This makes it possible for unauthenticated attackers to reset templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/83b91ce9-a060-47db-8120-bbed45889f9f?source=api-prod 
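Review bot: The body matcher in the CVE-2024-39678 template now keys on the single word `cooked`, which is ordinary English and no longer identifies the plugin on its own. With `redirects: true`, a missing readme that is redirected to a recipe or blog page can contain that word. The same change appears in the word-matcher hunks of CVE-2024-39679, CVE-2024-39680, CVE-2024-39681 and CVE-2024-39682. Whether the version extractor and the DSL matcher outside this hunk already rule such pages out cannot be seen here. I would pair the slug with a standard readme.txt header field: add `- "Stable tag"` under `words:` and set `condition: and` on the matcher.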
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-39679 metadata: - fofa-query: "wp-content/plugins/cooked-pro/" - google-query: inurl:"/wp-content/plugins/cooked-pro/" + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" shodan-query: 'vuln:CVE-2024-39679' - tags: cve,wordpress,wp-plugin,cooked-pro,medium + tags: cve,wordpress,wp-plugin,cooked,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "cooked-pro" + - "cooked" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-39680-2aad3689f441733fc4fcad9da647d39b.yaml b/nuclei-templates/2024/CVE-2024-39680-2aad3689f441733fc4fcad9da647d39b.yaml index bdcae3b8bf..068657fd7a 100644 --- a/nuclei-templates/2024/CVE-2024-39680-2aad3689f441733fc4fcad9da647d39b.yaml +++ b/nuclei-templates/2024/CVE-2024-39680-2aad3689f441733fc4fcad9da647d39b.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-39680-2aad3689f441733fc4fcad9da647d39b info: name: > - Cooked Pro <= 1.7.15.4 - Cross-Site Request Forgery to Settings Update + Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Settings Update author: topscoder severity: medium description: > - The Cooked Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_save_default AJAX action. This makes it possible for unauthenticated attackers to update the default_content value via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Cooked – Recipe Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_save_default AJAX action. This makes it possible for unauthenticated attackers to update the default_content value via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/236876d4-7838-400d-839a-ce257bf42645?source=api-prod @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-39680 metadata: - fofa-query: "wp-content/plugins/cooked-pro/" - google-query: inurl:"/wp-content/plugins/cooked-pro/" + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" shodan-query: 'vuln:CVE-2024-39680' - tags: cve,wordpress,wp-plugin,cooked-pro,medium + tags: cve,wordpress,wp-plugin,cooked,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" extractors: - type: regex 
@@ -51,7 +51,7 @@ http: - type: word words: - - "cooked-pro" + - "cooked" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-39681-85b7b2a4cca6d1dcd1114106f2ae551a.yaml b/nuclei-templates/2024/CVE-2024-39681-85b7b2a4cca6d1dcd1114106f2ae551a.yaml index bc3cc37215..4c18d6696a 100644 --- a/nuclei-templates/2024/CVE-2024-39681-85b7b2a4cca6d1dcd1114106f2ae551a.yaml +++ b/nuclei-templates/2024/CVE-2024-39681-85b7b2a4cca6d1dcd1114106f2ae551a.yaml @@ -2,11 +2,11 @@ id: CVE-2024-39681-85b7b2a4cca6d1dcd1114106f2ae551a info: name: > - Cooked Pro <= 1.7.15.4 - Cross-Site Request Forgery to Template Apply + Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Apply author: topscoder severity: medium description: > - The Cooked Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_save_default_bulk action. This makes it possible for unauthenticated attackers to apply templates in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Cooked – Recipe Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.15.4. This is due to missing or incorrect nonce validation on the cooked_save_default_bulk action. This makes it possible for unauthenticated attackers to apply templates in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/462fcf4d-3ece-48d7-b06f-9a5de9372f5c?source=api-prod 
@@ -15,17 +15,17 @@ info: cvss-score: 5.4 cve-id: CVE-2024-39681 metadata: - fofa-query: "wp-content/plugins/cooked-pro/" - google-query: inurl:"/wp-content/plugins/cooked-pro/" + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" shodan-query: 'vuln:CVE-2024-39681' - tags: cve,wordpress,wp-plugin,cooked-pro,medium + tags: cve,wordpress,wp-plugin,cooked,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "cooked-pro" + - "cooked" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-39682-3d201a861c98ad619d3179f2e66bcd3b.yaml b/nuclei-templates/2024/CVE-2024-39682-3d201a861c98ad619d3179f2e66bcd3b.yaml index 78194fc0e3..16264fa509 100644 --- a/nuclei-templates/2024/CVE-2024-39682-3d201a861c98ad619d3179f2e66bcd3b.yaml +++ b/nuclei-templates/2024/CVE-2024-39682-3d201a861c98ad619d3179f2e66bcd3b.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-39682-3d201a861c98ad619d3179f2e66bcd3b info: name: > - Cooked Pro <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection + Cooked – Recipe Management <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection author: topscoder severity: low description: > - The Cooked Pro plugin for WordPress is vulnerable toH TML Injection in all versions up to, and including, 1.7.15.4. This is due to the plugin not properly escaping/validating input to _recipe_settings. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary HTML in a field that should not allow it. + The Cooked – Recipe Management plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.7.15.4. This is due to the plugin not properly escaping/validating input to _recipe_settings. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary HTML in a field that should not allow it. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9c501a3-e092-453a-900f-60967b12c928?source=api-prod @@ -15,17 +15,17 @@ info: cvss-score: 5 cve-id: CVE-2024-39682 metadata: - fofa-query: "wp-content/plugins/cooked-pro/" - google-query: inurl:"/wp-content/plugins/cooked-pro/" + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" shodan-query: 'vuln:CVE-2024-39682' - tags: cve,wordpress,wp-plugin,cooked-pro,low + tags: cve,wordpress,wp-plugin,cooked,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "cooked-pro" + - "cooked" part: body - type: dsl 
diff --git a/nuclei-templates/2024/CVE-2024-4186-d603bcf212543e8a6d6c6a217dad6c87.yaml b/nuclei-templates/2024/CVE-2024-4186-d603bcf212543e8a6d6c6a217dad6c87.yaml index c0561b9420..948b19e1fe 100644 --- a/nuclei-templates/2024/CVE-2024-4186-d603bcf212543e8a6d6c6a217dad6c87.yaml +++ b/nuclei-templates/2024/CVE-2024-4186-d603bcf212543e8a6d6c6a217dad6c87.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled. + The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4262-35ce47cb98788e7bedffde4793c9deae.yaml b/nuclei-templates/2024/CVE-2024-4262-35ce47cb98788e7bedffde4793c9deae.yaml index 9c8b8ae5cc..955cb3a810 100644 --- a/nuclei-templates/2024/CVE-2024-4262-35ce47cb98788e7bedffde4793c9deae.yaml +++ b/nuclei-templates/2024/CVE-2024-4262-35ce47cb98788e7bedffde4793c9deae.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/812cc8f1-f89e-47c4-b029-f6a3dbc55d70?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-4262 metadata: fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/" diff --git a/nuclei-templates/2024/CVE-2024-4265-653f92e9a55f8b2a4a38c4fb5a73a93a.yaml b/nuclei-templates/2024/CVE-2024-4265-653f92e9a55f8b2a4a38c4fb5a73a93a.yaml index 7205feeb23..9e0fca077c 100644 --- a/nuclei-templates/2024/CVE-2024-4265-653f92e9a55f8b2a4a38c4fb5a73a93a.yaml +++ b/nuclei-templates/2024/CVE-2024-4265-653f92e9a55f8b2a4a38c4fb5a73a93a.yaml 
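Review bot: The CVE-2024-4262 vector moves from `PR:N` to `PR:L` and the score from 7.2 to 6.4, which crosses from the CVSS high band into medium. This is the only hunk for the file, so `severity:` above it and the severity word at the end of `tags:` below it are unchanged. Both lie outside the hunk; if they were derived from the old score, triage and tag-based filtering will still treat the finding at the old level. They should be re-checked against the new vector, and the title too if it says no authentication is needed. The CVSS hunks for CVE-2024-3893 and CVE-2024-3916 also switch to `PR:L` but stay within the medium band, so only the title check applies there.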
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35688 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4268-c9a6cea3cea4a5a2f591c89912918df6.yaml b/nuclei-templates/2024/CVE-2024-4268-c9a6cea3cea4a5a2f591c89912918df6.yaml index 785057b122..817f5e991c 100644 --- a/nuclei-templates/2024/CVE-2024-4268-c9a6cea3cea4a5a2f591c89912918df6.yaml +++ b/nuclei-templates/2024/CVE-2024-4268-c9a6cea3cea4a5a2f591c89912918df6.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37457 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/00b60b53-77bf-4640-bf2b-84e011014623?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-43224-bf74b0250e998360257b17cb9f6cad9d.yaml b/nuclei-templates/2024/CVE-2024-43224-bf74b0250e998360257b17cb9f6cad9d.yaml index 8cd4cd4528..c18e29839c 100644 --- a/nuclei-templates/2024/CVE-2024-43224-bf74b0250e998360257b17cb9f6cad9d.yaml +++ b/nuclei-templates/2024/CVE-2024-43224-bf74b0250e998360257b17cb9f6cad9d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-43224-bf74b0250e998360257b17cb9f6cad9d info: name: > - YaMaps for WordPress <= 0.6.27 - Authenticated (Contributor+) Stored Cross-Site Scripting + YaMaps for WordPress <= 0.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.6.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6662581b-a057-4b88-951d-824c64f9cdfd?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 0.6.27') \ No newline at end of file + - compare_versions(version, '<= 0.6.28') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-43269-0c1f242de365e56e055b30f6f86d4ff6.yaml b/nuclei-templates/2024/CVE-2024-43269-0c1f242de365e56e055b30f6f86d4ff6.yaml index 7f125af4b7..2e47d95190 100644 --- a/nuclei-templates/2024/CVE-2024-43269-0c1f242de365e56e055b30f6f86d4ff6.yaml +++ b/nuclei-templates/2024/CVE-2024-43269-0c1f242de365e56e055b30f6f86d4ff6.yaml 
@@ -2,17 +2,17 @@ id: CVE-2024-43269-0c1f242de365e56e055b30f6f86d4ff6 info: name: > - Backup and Restore WordPress <= 1.50 - Cross-Site Request Forgery + Backup and Restore Wordpress <= 1.50 - Cross-Site Request Forgery to Backup Trigger author: topscoder severity: medium description: > - The Backup and Restore WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa15939c-44eb-45e5-95d7-49307912f21c?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N + cvss-score: 6.5 cve-id: CVE-2024-43269 metadata: fofa-query: "wp-content/plugins/wp-backitup/" diff --git a/nuclei-templates/2024/CVE-2024-43271-b31214f9813d473f3cd67a61f9d552af.yaml b/nuclei-templates/2024/CVE-2024-43271-b31214f9813d473f3cd67a61f9d552af.yaml index 30d4ec8488..170cde6d47 100644 --- a/nuclei-templates/2024/CVE-2024-43271-b31214f9813d473f3cd67a61f9d552af.yaml +++ b/nuclei-templates/2024/CVE-2024-43271-b31214f9813d473f3cd67a61f9d552af.yaml 
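Review bot: The new `name` spells the product `Backup and Restore Wordpress`, while the rewritten description in the same hunk keeps `WordPress`, so a name-based search or de-duplication across templates sees a different string. I would keep `Backup and Restore WordPress <= 1.50 - Cross-Site Request Forgery to Backup Trigger`. The vector also moves from `C:N/I:L` to `C:H/I:N` (4.3 to 6.5), but the description only says a forged request triggers a backup, which reads as an integrity effect. If the confidentiality rating comes from the upstream advisory, a short comment above `cvss-metrics` saying so would keep the score from looking unexplained at triage.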
@@ -2,11 +2,11 @@ id: CVE-2024-43271-b31214f9813d473f3cd67a61f9d552af info: name: > - Woo Products Widgets For Elementor <= 2.0.0 - Authenticated (Contributor+) Local File Inclusion + Woo Products Widgets For Elementor <= 2.0.4 - Authenticated (Contributor+) Local File Inclusion author: topscoder severity: low description: > - The Widgets for WooCommerce Products on Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The Widgets for WooCommerce Products on Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8336c89-44ac-4e41-bc81-7dae9599c050?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.0.0') \ No newline at end of file + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-43308-192b2df1f5f4f85d5f8625397708ef74.yaml b/nuclei-templates/2024/CVE-2024-43308-192b2df1f5f4f85d5f8625397708ef74.yaml index f1cedc13f0..748471c929 100644 
--- a/nuclei-templates/2024/CVE-2024-43308-192b2df1f5f4f85d5f8625397708ef74.yaml +++ b/nuclei-templates/2024/CVE-2024-43308-192b2df1f5f4f85d5f8625397708ef74.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-5417 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3b1ff70-7e37-4f74-bd72-ecda81d13d83?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-43334-2b3a05c319295d3f73e95677c45ee59f.yaml b/nuclei-templates/2024/CVE-2024-43334-2b3a05c319295d3f73e95677c45ee59f.yaml index b36f2f882c..589b1cb9b2 100644 --- a/nuclei-templates/2024/CVE-2024-43334-2b3a05c319295d3f73e95677c45ee59f.yaml +++ b/nuclei-templates/2024/CVE-2024-43334-2b3a05c319295d3f73e95677c45ee59f.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-43334 metadata: - fofa-query: "wp-content/themes/fioxen/" - google-query: inurl:"/wp-content/themes/fioxen/" + fofa-query: "wp-content/themes/zilom/" + google-query: inurl:"/wp-content/themes/zilom/" shodan-query: 'vuln:CVE-2024-43334' - tags: cve,wordpress,wp-theme,fioxen,medium + tags: cve,wordpress,wp-theme,zilom,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/fioxen/style.css" + - "{{BaseURL}}/wp-content/themes/zilom/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "fioxen" + - "zilom" part: body - type: dsl dsl: - - compare_versions(version, '<= 1.0.9') \ No newline at end of file + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-071067913def073fc135903d59852abe.yaml b/nuclei-templates/2024/CVE-2024-4367-071067913def073fc135903d59852abe.yaml new file mode 100644 index 0000000000..c6fa194020 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-071067913def073fc135903d59852abe.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-071067913def073fc135903d59852abe + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/tainacan/" + google-query: inurl:"/wp-content/plugins/tainacan/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,tainacan,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.21.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-3f19aa1212be4f259d42007f7b293a3f.yaml b/nuclei-templates/2024/CVE-2024-4367-3f19aa1212be4f259d42007f7b293a3f.yaml index 0eb15431ee..4e96f98b25 100644 --- a/nuclei-templates/2024/CVE-2024-4367-3f19aa1212be4f259d42007f7b293a3f.yaml +++ b/nuclei-templates/2024/CVE-2024-4367-3f19aa1212be4f259d42007f7b293a3f.yaml 
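Review bot: `severity: low` and the `low` tag sit next to `cvss-score: 6.4`, which is in the CVSS 3.1 Medium band, so a scan filtered to medium and above skips this template. Either use `severity: medium` with the matching tag, or add a comment that severity here follows the required privilege rather than the score. The vector also says `UI:N` although the description requires a user to open a crafted PDF, which corresponds to `UI:R`; if that is inherited from the feed, it deserves a comment. The match compares only the plugin's readme.txt `Stable tag` with `<= 0.21.5`, so a hit means the plugin version is in range, not that the bundled PDF.js was confirmed vulnerable; a `# version-based detection only` comment above the `dsl` matcher would make that explicit. The same points apply to the other new CVE-2024-4367 templates in this commit (wonderplugin-pdf-embed, ari-fancy-lightbox, embedpress, pdf-embedder, pdf-poster, 3d-flipbook-dflip-lite) and to the edited pdfjs-viewer-for-elementor one.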
@@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2024-4367 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-5749-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-5749-1/" + fofa-query: "wp-content/plugins/pdfjs-viewer-for-elementor/" + google-query: inurl:"/wp-content/plugins/pdfjs-viewer-for-elementor/" shodan-query: 'vuln:CVE-2024-4367' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-5749-1,low + tags: cve,wordpress,wp-plugin,pdfjs-viewer-for-elementor,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-5749-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/pdfjs-viewer-for-elementor/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-5749-1" + - "pdfjs-viewer-for-elementor" part: body - type: dsl dsl: - - compare_versions(version, '<= 4.0.0') \ No newline at end of file + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-5f46b0859d340a2be7ee06cf167a3ccb.yaml b/nuclei-templates/2024/CVE-2024-4367-5f46b0859d340a2be7ee06cf167a3ccb.yaml new file mode 100644 index 0000000000..bc1c3ba3b8 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-5f46b0859d340a2be7ee06cf167a3ccb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-5f46b0859d340a2be7ee06cf167a3ccb + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/wonderplugin-pdf-embed/" + google-query: inurl:"/wp-content/plugins/wonderplugin-pdf-embed/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,wonderplugin-pdf-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-pdf-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-pdf-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-64d8b01fbff4deeea7f806609cc4d1e4.yaml b/nuclei-templates/2024/CVE-2024-4367-64d8b01fbff4deeea7f806609cc4d1e4.yaml new file mode 100644 index 0000000000..0a94d0d694 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-64d8b01fbff4deeea7f806609cc4d1e4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-64d8b01fbff4deeea7f806609cc4d1e4 + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/ari-fancy-lightbox/" + google-query: inurl:"/wp-content/plugins/ari-fancy-lightbox/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,ari-fancy-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-fancy-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-fancy-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.14') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-7739f01ba4e13fc548897f79a9be19a3.yaml b/nuclei-templates/2024/CVE-2024-4367-7739f01ba4e13fc548897f79a9be19a3.yaml new file mode 100644 index 0000000000..07783cb283 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-7739f01ba4e13fc548897f79a9be19a3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-7739f01ba4e13fc548897f79a9be19a3 + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-83672b38ff8b769850dc8b342d143488.yaml b/nuclei-templates/2024/CVE-2024-4367-83672b38ff8b769850dc8b342d143488.yaml new file mode 100644 index 0000000000..e615ba88a0 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-83672b38ff8b769850dc8b342d143488.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-83672b38ff8b769850dc8b342d143488 + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/pdf-embedder/" + google-query: inurl:"/wp-content/plugins/pdf-embedder/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,pdf-embedder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-f3f25193d1ac0ec1ffd891ffe080f92a.yaml b/nuclei-templates/2024/CVE-2024-4367-f3f25193d1ac0ec1ffd891ffe080f92a.yaml new file mode 100644 index 0000000000..17b5beb32c --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-f3f25193d1ac0ec1ffd891ffe080f92a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-f3f25193d1ac0ec1ffd891ffe080f92a + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/pdf-poster/" + google-query: inurl:"/wp-content/plugins/pdf-poster/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,pdf-poster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.21') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4367-f97c2eb3f04cf2695acef87fc5ea6dbd.yaml b/nuclei-templates/2024/CVE-2024-4367-f97c2eb3f04cf2695acef87fc5ea6dbd.yaml new file mode 100644 index 0000000000..125fb1576e --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-4367-f97c2eb3f04cf2695acef87fc5ea6dbd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-4367-f97c2eb3f04cf2695acef87fc5ea6dbd + +info: + name: > + PDF.js < 4.2.67 - Arbitrary JavaScript Execution + author: topscoder + severity: low + description: > + PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-4367 + metadata: + fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/" + google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/" + shodan-query: 'vuln:CVE-2024-4367' + tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-flipbook-dflip-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-flipbook-dflip-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4373-5c7117dbe0556218acb32a392006ba15.yaml b/nuclei-templates/2024/CVE-2024-4373-5c7117dbe0556218acb32a392006ba15.yaml index b407a7e759..b2bece1b57 100644 --- a/nuclei-templates/2024/CVE-2024-4373-5c7117dbe0556218acb32a392006ba15.yaml 
+++ b/nuclei-templates/2024/CVE-2024-4373-5c7117dbe0556218acb32a392006ba15.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35703 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee04b1d-188a-4b92-a6f3-dfa843ca20d7?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-43937-c376fa8b82f0a3853b039511e3c93577.yaml b/nuclei-templates/2024/CVE-2024-43937-c376fa8b82f0a3853b039511e3c93577.yaml index a77ef6fbcf..2c9f65c566 100644 --- a/nuclei-templates/2024/CVE-2024-43937-c376fa8b82f0a3853b039511e3c93577.yaml +++ b/nuclei-templates/2024/CVE-2024-43937-c376fa8b82f0a3853b039511e3c93577.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cf65972-a651-41b0-8f57-709e0ff685fa?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2024-43937 metadata: fofa-query: "wp-content/plugins/wp-crowdfunding/" diff --git a/nuclei-templates/2024/CVE-2024-43945-0e1aacae99f747dc95b42d1273d3769c.yaml b/nuclei-templates/2024/CVE-2024-43945-0e1aacae99f747dc95b42d1273d3769c.yaml index abd23a123b..e2952215e8 100644 --- a/nuclei-templates/2024/CVE-2024-43945-0e1aacae99f747dc95b42d1273d3769c.yaml +++ b/nuclei-templates/2024/CVE-2024-43945-0e1aacae99f747dc95b42d1273d3769c.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-43945 metadata: - fofa-query: "wp-content/plugins/LatePoint/" - google-query: inurl:"/wp-content/plugins/LatePoint/" + fofa-query: "wp-content/plugins/latepoint/" + google-query: inurl:"/wp-content/plugins/latepoint/" shodan-query: 'vuln:CVE-2024-43945' - tags: cve,wordpress,wp-plugin,LatePoint,medium + tags: cve,wordpress,wp-plugin,latepoint,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/LatePoint/readme.txt" + - "{{BaseURL}}/wp-content/plugins/latepoint/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "LatePoint" + - "latepoint" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-43946-e06d5590d7d1324aadab025244d72b5a.yaml b/nuclei-templates/2024/CVE-2024-43946-e06d5590d7d1324aadab025244d72b5a.yaml index fdcd2e57ae..65aa918761 100644 --- a/nuclei-templates/2024/CVE-2024-43946-e06d5590d7d1324aadab025244d72b5a.yaml +++ b/nuclei-templates/2024/CVE-2024-43946-e06d5590d7d1324aadab025244d72b5a.yaml 
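Review bot: The last CVE-2024-43945 hunk changes the word matcher from `"LatePoint"` to `"latepoint"`, and nuclei word matchers compare case-sensitively by default. A readme.txt that spells the product only as `LatePoint` would then fail the body check and an affected install would go unreported. Lower-casing the path and the search queries is reasonable, but the body check would be safer with `case-insensitive: true` added to that `type: word` matcher. The `matchers-condition` line is outside the hunk, so this assumes it is `and`, as in the new templates elsewhere in this commit. The CVE-2024-43992 template further down receives the identical change.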
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-48036 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a2cd4d3-12d3-43bd-bde1-927b793f04a8?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-43953-196c2530e1c82e43fa332f5a5c1a2d0e.yaml b/nuclei-templates/2024/CVE-2024-43953-196c2530e1c82e43fa332f5a5c1a2d0e.yaml index f0f6134528..045d6b4438 100644 --- a/nuclei-templates/2024/CVE-2024-43953-196c2530e1c82e43fa332f5a5c1a2d0e.yaml +++ b/nuclei-templates/2024/CVE-2024-43953-196c2530e1c82e43fa332f5a5c1a2d0e.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-43953-196c2530e1c82e43fa332f5a5c1a2d0e info: name: > - Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + Classic Addons – WPBakery Page Builder <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7b86b0b-84df-4b58-b50a-d61af6e3c1d3?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.0') \ No newline at end of file + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-43972-a808613406c5e2ae385a5f795c34c0ac.yaml b/nuclei-templates/2024/CVE-2024-43972-a808613406c5e2ae385a5f795c34c0ac.yaml index dcf00cd41b..2330d3f4e0 100644 --- a/nuclei-templates/2024/CVE-2024-43972-a808613406c5e2ae385a5f795c34c0ac.yaml +++ b/nuclei-templates/2024/CVE-2024-43972-a808613406c5e2ae385a5f795c34c0ac.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-8426 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ac7546-0572-4446-99f7-fe84f76fac9b?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-43992-5efe03af03d735e40c15a3f0747c96c3.yaml b/nuclei-templates/2024/CVE-2024-43992-5efe03af03d735e40c15a3f0747c96c3.yaml index 5fd9c6ab91..de984e3845 100644 --- a/nuclei-templates/2024/CVE-2024-43992-5efe03af03d735e40c15a3f0747c96c3.yaml +++ b/nuclei-templates/2024/CVE-2024-43992-5efe03af03d735e40c15a3f0747c96c3.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2024-43992 metadata: - fofa-query: "wp-content/plugins/LatePoint/" - google-query: inurl:"/wp-content/plugins/LatePoint/" + fofa-query: "wp-content/plugins/latepoint/" + google-query: inurl:"/wp-content/plugins/latepoint/" shodan-query: 'vuln:CVE-2024-43992' - tags: cve,wordpress,wp-plugin,LatePoint,low + tags: cve,wordpress,wp-plugin,latepoint,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/LatePoint/readme.txt" + - "{{BaseURL}}/wp-content/plugins/latepoint/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "LatePoint" + - "latepoint" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-43995-1023991ce1d6cd26459005edcd46b127.yaml b/nuclei-templates/2024/CVE-2024-43995-1023991ce1d6cd26459005edcd46b127.yaml index 14874e78b8..cbccd5c2eb 100644 --- a/nuclei-templates/2024/CVE-2024-43995-1023991ce1d6cd26459005edcd46b127.yaml +++ b/nuclei-templates/2024/CVE-2024-43995-1023991ce1d6cd26459005edcd46b127.yaml 
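Review bot: The word matcher in the last CVE-2024-43992 hunk now requires the lowercase string `latepoint` in the readme body, and nuclei word matchers compare case-sensitively unless told otherwise. If the plugin's readme.txt carries the product name only as `LatePoint` (the readme is not visible here, so this needs checking), the template stops matching and affected installs go unreported without any error. Adding `case-insensitive: true` to that matcher keeps the corrected slug in the request path while tolerating either spelling in the body. The matchers list starts before this hunk and continues after it.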
@@ -2,11 +2,11 @@ id: CVE-2024-43995-1023991ce1d6cd26459005edcd46b127 info: name: > - Posterity <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + Posterity <= 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Posterity theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Posterity theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f6eba90-3e9d-48d0-aae2-81ff216315da?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.6') \ No newline at end of file + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-44024-46bea888721a1b7f1bc85e9910fa189a.yaml b/nuclei-templates/2024/CVE-2024-44024-46bea888721a1b7f1bc85e9910fa189a.yaml index b2baa44f14..cc3f50bb8e 100644 --- a/nuclei-templates/2024/CVE-2024-44024-46bea888721a1b7f1bc85e9910fa189a.yaml +++ b/nuclei-templates/2024/CVE-2024-44024-46bea888721a1b7f1bc85e9910fa189a.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-44024-46bea888721a1b7f1bc85e9910fa189a info: name: > - Medical Addon for Elementor <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + Medical Addon for Elementor <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9649b153-3acc-4e5b-9338-448099aba887?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.4') \ No newline at end of file + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-44043-be7388f6d531e72bdca8eb37dac092ec.yaml b/nuclei-templates/2024/CVE-2024-44043-be7388f6d531e72bdca8eb37dac092ec.yaml index 540eaaf2a5..d24f276492 100644 --- a/nuclei-templates/2024/CVE-2024-44043-be7388f6d531e72bdca8eb37dac092ec.yaml +++ b/nuclei-templates/2024/CVE-2024-44043-be7388f6d531e72bdca8eb37dac092ec.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-5968 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/684e199b-c3c9-47d5-a67e-8f4735eaed84?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-44049-948305af8a3fbadbb68390b3769b8864.yaml b/nuclei-templates/2024/CVE-2024-44049-948305af8a3fbadbb68390b3769b8864.yaml index 84d156870a..cb9c8b10a9 100644 --- a/nuclei-templates/2024/CVE-2024-44049-948305af8a3fbadbb68390b3769b8864.yaml +++ b/nuclei-templates/2024/CVE-2024-44049-948305af8a3fbadbb68390b3769b8864.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-44049-948305af8a3fbadbb68390b3769b8864 info: name: > - Gutenberg Blocks – Unlimited blocks For Gutenberg <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + Gutenberg Blocks – Unlimited blocks For Gutenberg <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Gutenberg Blocks – Unlimited blocks For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Gutenberg Blocks – Unlimited blocks For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/02737f71-7ea6-4ce7-87e8-3988e3759f00?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2.7') \ No newline at end of file + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-4442-bfd9fc2e11f82202e3317db7b1d6b9d3.yaml b/nuclei-templates/2024/CVE-2024-4442-bfd9fc2e11f82202e3317db7b1d6b9d3.yaml index ed617433fa..74cfb7f49a 100644 --- a/nuclei-templates/2024/CVE-2024-4442-bfd9fc2e11f82202e3317db7b1d6b9d3.yaml +++ b/nuclei-templates/2024/CVE-2024-4442-bfd9fc2e11f82202e3317db7b1d6b9d3.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This was partially patched in 9.9, and sufficiently patched in 10.0. + The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This was partially patched in 9.9, and sufficiently patched in 10.0. CVE-2024-37231 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4448-0a67619159a52ba9fb58c835005ad6e0.yaml b/nuclei-templates/2024/CVE-2024-4448-0a67619159a52ba9fb58c835005ad6e0.yaml index 79c90094c2..7067000c3f 100644 --- a/nuclei-templates/2024/CVE-2024-4448-0a67619159a52ba9fb58c835005ad6e0.yaml +++ b/nuclei-templates/2024/CVE-2024-4448-0a67619159a52ba9fb58c835005ad6e0.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/21e12c72-7898-4896-9852-ebb10e5f9a3b?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-4448 metadata: fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" diff --git a/nuclei-templates/2024/CVE-2024-4490-a71279b5729f40993764b7f4a01c6356.yaml b/nuclei-templates/2024/CVE-2024-4490-a71279b5729f40993764b7f4a01c6356.yaml index 438909b3e3..ad8e505660 100644 --- a/nuclei-templates/2024/CVE-2024-4490-a71279b5729f40993764b7f4a01c6356.yaml +++ b/nuclei-templates/2024/CVE-2024-4490-a71279b5729f40993764b7f4a01c6356.yaml @@ -15,17 +15,17 @@ info: cvss-score: 6.4 cve-id: CVE-2024-4490 metadata: - fofa-query: "wp-content/plugins/divi-builder/" - google-query: inurl:"/wp-content/plugins/divi-builder/" + fofa-query: "wp-content/themes/extra/" + google-query: inurl:"/wp-content/themes/extra/" shodan-query: 'vuln:CVE-2024-4490' - tags: cve,wordpress,wp-plugin,divi-builder,low + tags: cve,wordpress,wp-theme,extra,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt" + - "{{BaseURL}}/wp-content/themes/extra/style.css" extractors: - type: regex @@ -34,14 +34,14 @@ http: group: 1 internal: true regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" - type: regex name: version part: body group: 1 regex: - - "(?mi)Stable tag: ([0-9.]+)" + - "(?mi)Version: ([0-9.]+)" matchers-condition: and matchers: @@ -51,7 +51,7 @@ http: - type: word words: - - "divi-builder" + - "extra" part: body - type: dsl 
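Review bot: The word matcher `"extra"` in the last CVE-2024-4490 hunk is too generic to fingerprint the theme, because any 200 response whose body contains that substring (for example `extra-large`, or a comment) satisfies it. With `redirects: true`, a site that answers the `style.css` request with another stylesheet or a soft-404 page carrying a `Version:` line could then be reported as affected. Matching on the stylesheet header is tighter, e.g. `- "Theme Name: Extra"`, assuming that is how the theme declares itself; confirm against a real copy before relying on it. The matchers list begins before this hunk and the dsl matcher continues past it.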
diff --git a/nuclei-templates/2024/CVE-2024-45293-99b1798fc3f64a28fc4dba585a582f72.yaml b/nuclei-templates/2024/CVE-2024-45293-99b1798fc3f64a28fc4dba585a582f72.yaml new file mode 100644 index 0000000000..86e11a0430 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-45293-99b1798fc3f64a28fc4dba585a582f72.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-45293-99b1798fc3f64a28fc4dba585a582f72 + +info: + name: > + PHPSpreadsheet Library < 2.3.0 - XXE Injection + author: topscoder + severity: high + description: > + The security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-45293 + metadata: + fofa-query: "wp-content/plugins/users-import-export-with-excel-for-wp/" + google-query: inurl:"/wp-content/plugins/users-import-export-with-excel-for-wp/" + shodan-query: 'vuln:CVE-2024-45293' + tags: cve,wordpress,wp-plugin,users-import-export-with-excel-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-import-export-with-excel-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-import-export-with-excel-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-45293-b26cc6f7c1687cab5bc42351cffd06f8.yaml b/nuclei-templates/2024/CVE-2024-45293-b26cc6f7c1687cab5bc42351cffd06f8.yaml new file mode 100644 index 0000000000..d2682c5d33 --- /dev/null 
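Review bot: The four new CVE-2024-45293 templates (this file and the three that follow it) are titled `PHPSpreadsheet Library < 2.3.0`, but the dsl matcher only compares the plugin's readme `Stable tag` with a plugin version (`<= 1.5` here). A hit is therefore an inference that this plugin release bundles a vulnerable library, not an observation of the library itself. Neither `name` nor `description` names the plugin or states that mapping, which makes a `severity: high` finding hard to triage. Name the plugin in `name` and append a sentence to the description such as `Detected passively from the plugin readme version; affected plugin releases are assumed to bundle PHPSpreadsheet < 2.3.0.` The two `version` extractors are also identical apart from `internal: true`, so one of them looks redundant.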
+++ b/nuclei-templates/2024/CVE-2024-45293-b26cc6f7c1687cab5bc42351cffd06f8.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-45293-b26cc6f7c1687cab5bc42351cffd06f8 + +info: + name: > + PHPSpreadsheet Library < 2.3.0 - XXE Injection + author: topscoder + severity: high + description: > + The security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-45293 + metadata: + fofa-query: "wp-content/plugins/webd-woocommerce-product-excel-importer-bulk-edit/" + google-query: inurl:"/wp-content/plugins/webd-woocommerce-product-excel-importer-bulk-edit/" + shodan-query: 'vuln:CVE-2024-45293' + tags: cve,wordpress,wp-plugin,webd-woocommerce-product-excel-importer-bulk-edit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webd-woocommerce-product-excel-importer-bulk-edit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webd-woocommerce-product-excel-importer-bulk-edit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-45293-f4b70efee9edc6854153c3befcf73a05.yaml b/nuclei-templates/2024/CVE-2024-45293-f4b70efee9edc6854153c3befcf73a05.yaml new file mode 100644 index 0000000000..46af51193d --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-45293-f4b70efee9edc6854153c3befcf73a05.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-45293-f4b70efee9edc6854153c3befcf73a05 + +info: + name: > + PHPSpreadsheet Library < 2.3.0 - XXE Injection + author: topscoder + severity: high + description: > + The security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-45293 + metadata: + fofa-query: "wp-content/plugins/advanced-cf7-db/" + google-query: inurl:"/wp-content/plugins/advanced-cf7-db/" + shodan-query: 'vuln:CVE-2024-45293' + tags: cve,wordpress,wp-plugin,advanced-cf7-db,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cf7-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cf7-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-45293-f6cccb42948ff022cc087569aa6fd7fb.yaml b/nuclei-templates/2024/CVE-2024-45293-f6cccb42948ff022cc087569aa6fd7fb.yaml new file mode 100644 index 0000000000..509dfd8b00 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-45293-f6cccb42948ff022cc087569aa6fd7fb.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-45293-f6cccb42948ff022cc087569aa6fd7fb + +info: + name: > + PHPSpreadsheet Library < 2.3.0 - XXE Injection + author: topscoder + severity: high + description: > + The security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-45293 + metadata: + fofa-query: "wp-content/plugins/content-excel-importer/" + google-query: inurl:"/wp-content/plugins/content-excel-importer/" + shodan-query: 'vuln:CVE-2024-45293' + tags: cve,wordpress,wp-plugin,content-excel-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-excel-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-excel-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-45429-c5b50a2727f0a5beb04680b6d713ea8e.yaml b/nuclei-templates/2024/CVE-2024-45429-c5b50a2727f0a5beb04680b6d713ea8e.yaml index 6a65360ada..255a001a4b 100644 --- a/nuclei-templates/2024/CVE-2024-45429-c5b50a2727f0a5beb04680b6d713ea8e.yaml +++ b/nuclei-templates/2024/CVE-2024-45429-c5b50a2727f0a5beb04680b6d713ea8e.yaml @@ -15,17 +15,17 @@ info: cvss-score: 5.5 cve-id: CVE-2024-45429 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-40068-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-40068-1/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2024-45429' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-40068-1,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-40068-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2023-40068-1" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-4565-b2a339f038f0abdfe1886ac2a73d2760.yaml b/nuclei-templates/2024/CVE-2024-4565-b2a339f038f0abdfe1886ac2a73d2760.yaml index 81b75e78a3..3a35901c7e 100644 --- a/nuclei-templates/2024/CVE-2024-4565-b2a339f038f0abdfe1886ac2a73d2760.yaml +++ b/nuclei-templates/2024/CVE-2024-4565-b2a339f038f0abdfe1886ac2a73d2760.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-4565 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2024-4565' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-4580-fe69bc665a4e90834833b35e34d2eb50.yaml b/nuclei-templates/2024/CVE-2024-4580-fe69bc665a4e90834833b35e34d2eb50.yaml index bc384cefde..707055bf66 100644 --- a/nuclei-templates/2024/CVE-2024-4580-fe69bc665a4e90834833b35e34d2eb50.yaml +++ b/nuclei-templates/2024/CVE-2024-4580-fe69bc665a4e90834833b35e34d2eb50.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35702 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e3ac84-dd82-42b0-80b9-c876731170d5?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4623-a8fcd9d3aa8bba088dbbf516d83b5b4c.yaml b/nuclei-templates/2024/CVE-2024-4623-a8fcd9d3aa8bba088dbbf516d83b5b4c.yaml index 46ff10ea75..0dcec21f5d 100644 --- a/nuclei-templates/2024/CVE-2024-4623-a8fcd9d3aa8bba088dbbf516d83b5b4c.yaml +++ b/nuclei-templates/2024/CVE-2024-4623-a8fcd9d3aa8bba088dbbf516d83b5b4c.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Blogmentor – Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagination_style’ parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37229 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0925ceb-581c-4748-abfb-9962e53b7db9?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4698-825538c39c306657925d5fb8cfd22ff7.yaml b/nuclei-templates/2024/CVE-2024-4698-825538c39c306657925d5fb8cfd22ff7.yaml index ad87d79fe6..4d3574d657 100644 --- a/nuclei-templates/2024/CVE-2024-4698-825538c39c306657925d5fb8cfd22ff7.yaml +++ b/nuclei-templates/2024/CVE-2024-4698-825538c39c306657925d5fb8cfd22ff7.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-35713 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4542b0f8-c9ee-4992-b737-e5f727c7b5b0?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4709-ddfd7af7e2e47d7cbb4c0c8fe714b95a.yaml b/nuclei-templates/2024/CVE-2024-4709-ddfd7af7e2e47d7cbb4c0c8fe714b95a.yaml index 29d1721ff5..b4920cce10 100644 --- a/nuclei-templates/2024/CVE-2024-4709-ddfd7af7e2e47d7cbb4c0c8fe714b95a.yaml +++ b/nuclei-templates/2024/CVE-2024-4709-ddfd7af7e2e47d7cbb4c0c8fe714b95a.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe317a6-a391-441a-aac8-c8fa57e73169?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: CVE-2024-4709 metadata: fofa-query: "wp-content/plugins/fluentform/" diff --git a/nuclei-templates/2024/CVE-2024-4742-b193fd8ed60a9390fd6d8e54a6a799f9.yaml b/nuclei-templates/2024/CVE-2024-4742-b193fd8ed60a9390fd6d8e54a6a799f9.yaml index 340835d4bb..6fbc2ebb5b 100644 --- a/nuclei-templates/2024/CVE-2024-4742-b193fd8ed60a9390fd6d8e54a6a799f9.yaml +++ b/nuclei-templates/2024/CVE-2024-4742-b193fd8ed60a9390fd6d8e54a6a799f9.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/08bd24ca-eec6-4b62-af49-192496e65a5b?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 cve-id: CVE-2024-4742 metadata: fofa-query: "wp-content/plugins/youzify/" diff --git a/nuclei-templates/2024/CVE-2024-4743-bf3db6695447b5754c760bde8ab75fb0.yaml b/nuclei-templates/2024/CVE-2024-4743-bf3db6695447b5754c760bde8ab75fb0.yaml index c7d1763ba6..78486aca86 100644 --- a/nuclei-templates/2024/CVE-2024-4743-bf3db6695447b5754c760bde8ab75fb0.yaml +++ b/nuclei-templates/2024/CVE-2024-4743-bf3db6695447b5754c760bde8ab75fb0.yaml 
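Review bot: The CVSS change for CVE-2024-4709 lowers the score from 7.2 to 6.4, but the hunk touches only `cvss-metrics` and `cvss-score`; the `severity:` field and the severity token at the end of `tags:` lie outside the hunk and are not shown as updated. If they were derived from the old score they are now stale, and scans or dashboards filtered by severity will mis-rank these findings. The same applies to the CVE-2024-4742 hunk on this line (9.8 to 6.5, with impact reduced to `C:H/I:N/A:N`) and to the CVE-2024-4743 hunk that follows (9.8 to 8.8). It is worth checking that the generator rewrites `severity` and `tags` together with the classification block.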
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2024-4743 metadata: fofa-query: "wp-content/plugins/lifterlms/" diff --git a/nuclei-templates/2024/CVE-2024-4749-24a1118489877e1f522b62bdf7f81b17.yaml b/nuclei-templates/2024/CVE-2024-4749-24a1118489877e1f522b62bdf7f81b17.yaml index b21b27ef5b..1c3af34cb5 100644 --- a/nuclei-templates/2024/CVE-2024-4749-24a1118489877e1f522b62bdf7f81b17.yaml +++ b/nuclei-templates/2024/CVE-2024-4749-24a1118489877e1f522b62bdf7f81b17.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-4749-24a1118489877e1f522b62bdf7f81b17 info: name: > - WP eMember <= 10.3.8 - Reflected Cross-Site Scripting + WP eMember <= 10.3.8 - Reflected Cross-Site Scripting via 'fieldId' author: topscoder severity: medium description: > - The WooCommerce and WP eMember Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The WooCommerce and WP eMember Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fieldId' parameter in all versions up to, and including, 10.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/143e28b0-56cf-4d8d-9147-60a85a595290?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4783-09f94923293fa0caf86c1b555760686d.yaml b/nuclei-templates/2024/CVE-2024-4783-09f94923293fa0caf86c1b555760686d.yaml index fe6ed31ee1..16100b8b42 100644 --- a/nuclei-templates/2024/CVE-2024-4783-09f94923293fa0caf86c1b555760686d.yaml +++ b/nuclei-templates/2024/CVE-2024-4783-09f94923293fa0caf86c1b555760686d.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37247 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/78eeef12-123b-42f6-b446-c3f2d43153fd?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4838-438709c75b9635eea017b97243965ed2.yaml b/nuclei-templates/2024/CVE-2024-4838-438709c75b9635eea017b97243965ed2.yaml index 0e3328dac1..430bb5464b 100644 --- a/nuclei-templates/2024/CVE-2024-4838-438709c75b9635eea017b97243965ed2.yaml +++ b/nuclei-templates/2024/CVE-2024-4838-438709c75b9635eea017b97243965ed2.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/16f5a104-dce0-4249-91b9-67f99cce16d3?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.5 cve-id: CVE-2024-4838 metadata: fofa-query: "wp-content/plugins/convertplug/" diff --git a/nuclei-templates/2024/CVE-2024-4862-f7d6b0624f875461a7601730018f27fe.yaml b/nuclei-templates/2024/CVE-2024-4862-f7d6b0624f875461a7601730018f27fe.yaml index 3264fe0e5d..66eb6ea1b4 100644 --- a/nuclei-templates/2024/CVE-2024-4862-f7d6b0624f875461a7601730018f27fe.yaml +++ b/nuclei-templates/2024/CVE-2024-4862-f7d6b0624f875461a7601730018f27fe.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37945 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f459033-1c95-4781-93f4-1ee5e310933a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-4886-a4ca992ddae5ec5f2effe96be1a25e88.yaml b/nuclei-templates/2024/CVE-2024-4886-a4ca992ddae5ec5f2effe96be1a25e88.yaml index 915f943fdb..9dc3d68e28 100644 --- a/nuclei-templates/2024/CVE-2024-4886-a4ca992ddae5ec5f2effe96be1a25e88.yaml +++ b/nuclei-templates/2024/CVE-2024-4886-a4ca992ddae5ec5f2effe96be1a25e88.yaml @@ -2,7 +2,7 @@ id: CVE-2024-4886-a4ca992ddae5ec5f2effe96be1a25e88 info: name: > - Buddyboss Platform <= 2.5.91 - Insecure Directory Object Reference to Authenticated (Subscriber+) Comment on Private Post + Buddyboss Platform <= 2.5.91 - Insecure Direct Object Reference to Authenticated (Subscriber+) Comment on Private Post author: topscoder severity: low description: 
> diff --git a/nuclei-templates/2024/CVE-2024-4902-1337a293cedaf997fd05c2b8ea71c553.yaml b/nuclei-templates/2024/CVE-2024-4902-1337a293cedaf997fd05c2b8ea71c553.yaml index 1f53062014..bc4aa2fb57 100644 --- a/nuclei-templates/2024/CVE-2024-4902-1337a293cedaf997fd05c2b8ea71c553.yaml +++ b/nuclei-templates/2024/CVE-2024-4902-1337a293cedaf997fd05c2b8ea71c553.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-37256 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-49226-9111a93e7d76fd8fd9b51c415f08a405.yaml b/nuclei-templates/2024/CVE-2024-49226-9111a93e7d76fd8fd9b51c415f08a405.yaml index 75162677f1..a5375925fc 100644 --- a/nuclei-templates/2024/CVE-2024-49226-9111a93e7d76fd8fd9b51c415f08a405.yaml 
+++ b/nuclei-templates/2024/CVE-2024-49226-9111a93e7d76fd8fd9b51c415f08a405.yaml @@ -2,11 +2,11 @@ id: CVE-2024-49226-9111a93e7d76fd8fd9b51c415f08a405 info: name: > - TAKETIN To WP Membership <= 2.8.0 - Authenticated (Subscriber+) PHP Object Injection + TAKETIN To WP Membership <= 2.8.1 - Authenticated (Subscriber+) PHP Object Injection author: topscoder severity: low description: > - The TAKETIN To WP Membership plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The TAKETIN To WP Membership plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.8.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6942b352-2468-4310-a69c-2590b3b3a4a8?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.8.0') \ No newline at end of file + - compare_versions(version, '<= 2.8.1') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-49236-aa68f88931557efac9206653e71cfca9.yaml b/nuclei-templates/2024/CVE-2024-49236-aa68f88931557efac9206653e71cfca9.yaml index 5dbf1b3847..b583ef2339 100644 --- a/nuclei-templates/2024/CVE-2024-49236-aa68f88931557efac9206653e71cfca9.yaml +++ b/nuclei-templates/2024/CVE-2024-49236-aa68f88931557efac9206653e71cfca9.yaml @@ -2,11 +2,11 @@ id: CVE-2024-49236-aa68f88931557efac9206653e71cfca9 info: name: > - Crazy Call To Action Box <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + Crazy Call To Action Box <= 1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Crazy Call To Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Crazy Call To Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.05 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c51dcd7-0ca4-449b-819c-91de1dacad03?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.5') \ No newline at end of file + - compare_versions(version, '<= 1.05') \ No newline at end of file 
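Review bot: In the CVE-2024-49236 template the new constraint `compare_versions(version, '<= 1.05')` has a leading zero in its second segment, and how the comparison reads that is worth confirming. If segments are parsed numerically, `1.05` is the same bound as `1.5`, so the matcher would also fire on any release between 1.0.5 and 1.5, not only on the affected range in the advisory. The version extractor is outside this hunk, so I cannot tell whether it captures `1.05` verbatim. I would add a comment above the dsl line, for example `# upstream version string is "1.05" (two segments); confirm ordering against a fixed release`, and run the template against a known-fixed version string.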
diff --git a/nuclei-templates/2024/CVE-2024-49238-39233088bd335fbef9fd9df6f62be65a.yaml b/nuclei-templates/2024/CVE-2024-49238-39233088bd335fbef9fd9df6f62be65a.yaml index 7f1ac2d646..36ed9c10a8 100644 --- a/nuclei-templates/2024/CVE-2024-49238-39233088bd335fbef9fd9df6f62be65a.yaml +++ b/nuclei-templates/2024/CVE-2024-49238-39233088bd335fbef9fd9df6f62be65a.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '* -1.0f') \ No newline at end of file + - compare_versions(version, '<= 1.0f') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49250-274432d0df09655282389b4637dca2d9.yaml b/nuclei-templates/2024/CVE-2024-49250-274432d0df09655282389b4637dca2d9.yaml index 20d66ecc96..461ba438f5 100644 --- a/nuclei-templates/2024/CVE-2024-49250-274432d0df09655282389b4637dca2d9.yaml +++ b/nuclei-templates/2024/CVE-2024-49250-274432d0df09655282389b4637dca2d9.yaml 
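Review bot: The corrected constraint in the CVE-2024-49238 template, `compare_versions(version, '<= 1.0f')`, still depends on a letter-suffixed version and may under-report. The extractor regex is outside this hunk; if it captures only digits and dots, an install at `1.0f` is read as `1.0`. How a bare `1.0` then orders against `1.0f` depends on whether the suffix is treated as a pre-release tag. Either case can become a silent false negative, so I would confirm that the extractor keeps a trailing letter and add a comment on the dsl line such as `# affected through 1.0f; the suffix must survive extraction`.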
@@ -2,11 +2,11 @@ id: CVE-2024-49250-274432d0df09655282389b4637dca2d9 info: name: > - Table of Contents Plus <= 2408 - Cross-Site Request Forgery + Table of Contents Plus <= 2411 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Table of Contents Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2408. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized aciton via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Table of Contents Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2411. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f745e44-fdf1-416d-b1aa-27305533464e?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2408') \ No newline at end of file + - compare_versions(version, '<= 2411') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49269-dd1d71ec5b94d89718a6f4891c4d65e5.yaml b/nuclei-templates/2024/CVE-2024-49269-dd1d71ec5b94d89718a6f4891c4d65e5.yaml index 09900e19ee..c1cecd60d7 100644 --- a/nuclei-templates/2024/CVE-2024-49269-dd1d71ec5b94d89718a6f4891c4d65e5.yaml +++ b/nuclei-templates/2024/CVE-2024-49269-dd1d71ec5b94d89718a6f4891c4d65e5.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-49269 metadata: - fofa-query: "wp-content/themes/my-flatonica/" - google-query: inurl:"/wp-content/themes/my-flatonica/" + fofa-query: "wp-content/themes/my-zebra/" + google-query: inurl:"/wp-content/themes/my-zebra/" shodan-query: 'vuln:CVE-2024-49269' - tags: cve,wordpress,wp-theme,my-flatonica,medium + tags: cve,wordpress,wp-theme,my-zebra,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/themes/my-flatonica/style.css" + - "{{BaseURL}}/wp-content/themes/my-zebra/style.css" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "my-flatonica" + - "my-zebra" part: body - type: dsl dsl: - - compare_versions(version, '<= 0.0.8') \ No newline at end of file + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49277-ed3c0f9bf8f0337647ab8c21c34a7ab8.yaml b/nuclei-templates/2024/CVE-2024-49277-ed3c0f9bf8f0337647ab8c21c34a7ab8.yaml index 8c7f4368fd..8310f93552 100644 --- a/nuclei-templates/2024/CVE-2024-49277-ed3c0f9bf8f0337647ab8c21c34a7ab8.yaml +++ b/nuclei-templates/2024/CVE-2024-49277-ed3c0f9bf8f0337647ab8c21c34a7ab8.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-49277-ed3c0f9bf8f0337647ab8c21c34a7ab8 info: name: > - UltraAddons Elementor Lite <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting + UltraAddons Elementor Lite <= 1.1.9 - Authenticated (Author+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The UltraAddons Elementor Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The UltraAddons Elementor Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b847f463-2837-4f91-bae6-a8058f36a7db?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.8') \ No newline at end of file + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49278-67244ee462be89f6f4818ff9382972e3.yaml b/nuclei-templates/2024/CVE-2024-49278-67244ee462be89f6f4818ff9382972e3.yaml index 51bba9666d..9b3c70c25e 100644 --- a/nuclei-templates/2024/CVE-2024-49278-67244ee462be89f6f4818ff9382972e3.yaml +++ b/nuclei-templates/2024/CVE-2024-49278-67244ee462be89f6f4818ff9382972e3.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-49278-67244ee462be89f6f4818ff9382972e3 info: name: > - Omnipress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + Omnipress <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf238735-8c21-495b-8da0-912921c1f11c?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.4.3') \ No newline at end of file + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49280-7d708abb768374d060a04d8b56c1f679.yaml b/nuclei-templates/2024/CVE-2024-49280-7d708abb768374d060a04d8b56c1f679.yaml index 063d5e4c19..241786c4f7 100644 --- a/nuclei-templates/2024/CVE-2024-49280-7d708abb768374d060a04d8b56c1f679.yaml +++ b/nuclei-templates/2024/CVE-2024-49280-7d708abb768374d060a04d8b56c1f679.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-49280-7d708abb768374d060a04d8b56c1f679 info: name: > - Lightbox slider – Responsive Lightbox Gallery <= 1.10.0 - Authenticated (Author+) Stored Cross-Site Scripting + Lightbox slider – Responsive Lightbox Gallery <= 1.10.1 - Authenticated (Author+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ede558d-272d-4f18-b2e0-97f5c2cb958b?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.10.0') \ No newline at end of file + - compare_versions(version, '<= 1.10.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49331-ce1213d969b5ca7ff75034c047f9451d.yaml b/nuclei-templates/2024/CVE-2024-49331-ce1213d969b5ca7ff75034c047f9451d.yaml index 1afa8af287..26bdadb590 100644 --- a/nuclei-templates/2024/CVE-2024-49331-ce1213d969b5ca7ff75034c047f9451d.yaml +++ b/nuclei-templates/2024/CVE-2024-49331-ce1213d969b5ca7ff75034c047f9451d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-49331-ce1213d969b5ca7ff75034c047f9451d info: name: > - Property Lot Management System <= 4.2.38 - Authenticated (Salesman+) Arbitrary File Upload + Property Lot Management System <= 1.0 - Authenticated (Salesman+) Arbitrary File Upload author: topscoder severity: low description: > - The Property Lot Management System plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 4.2.38. This makes it possible for authenticated attackers, with Custom-level access (Salesman and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. + The Property Lot Management System plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Custom-level access (Salesman and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f791ef-3a97-4f89-b602-b42b726a8f70?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.2.38') \ No newline at end of file + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49593-3b3710e135e757bfb25f79654259f808.yaml b/nuclei-templates/2024/CVE-2024-49593-3b3710e135e757bfb25f79654259f808.yaml index 22e4cc81d0..b6edc13f35 100644 --- a/nuclei-templates/2024/CVE-2024-49593-3b3710e135e757bfb25f79654259f808.yaml +++ b/nuclei-templates/2024/CVE-2024-49593-3b3710e135e757bfb25f79654259f808.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2024-49593 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2024-49593' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl dsl: - - compare_versions(version, '6.3.8') \ No newline at end of file + - compare_versions(version, '<= 6.3.8') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-49604-7826c756b8b7094cefeae90cc8a8e091.yaml b/nuclei-templates/2024/CVE-2024-49604-7826c756b8b7094cefeae90cc8a8e091.yaml index 74ec4c6cc2..78cf433240 100644 --- a/nuclei-templates/2024/CVE-2024-49604-7826c756b8b7094cefeae90cc8a8e091.yaml +++ b/nuclei-templates/2024/CVE-2024-49604-7826c756b8b7094cefeae90cc8a8e091.yaml 
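Review bot: The word matcher in the CVE-2024-49593 template now requires the literal directory slug `advanced-custom-fields-pro` in the body of `readme.txt`, and that may not hold for this plugin. A readme normally carries the display name, and the slug tends to appear only inside repository URLs, which a commercially distributed build may not include. How the matchers are combined is outside this hunk; if they are ANDed, a missing slug suppresses the finding even when the version check passes. I would check the matcher against a real readme for this plugin and record the outcome in a comment above it, e.g. `# slug confirmed present in readme.txt body`.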
@@ -2,11 +2,11 @@ id: CVE-2024-49604-7826c756b8b7094cefeae90cc8a8e091 info: name: > - Simple User Registration <= 5.5 - Missing Authorization + Simple User Registration <= 6.3 - Missing Authorization to Account Takeover author: topscoder severity: high description: > - The Simple User Registration plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. + The Simple User Registration plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on a function in all versions up to, and including, 6.3. This makes it possible for unauthenticated attackers to takeover other users accounts and elevate their privileges reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/169d06e1-055b-422a-a466-155ec43e0dbb?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.5') \ No newline at end of file + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-5001-a765b8edd6473c0ac996865973fa9aed.yaml b/nuclei-templates/2024/CVE-2024-5001-a765b8edd6473c0ac996865973fa9aed.yaml index d424819976..6c759b644f 100644 --- a/nuclei-templates/2024/CVE-2024-5001-a765b8edd6473c0ac996865973fa9aed.yaml +++ b/nuclei-templates/2024/CVE-2024-5001-a765b8edd6473c0ac996865973fa9aed.yaml 
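Review bot: The rewritten description in the CVE-2024-49604 template reads awkwardly and has no closing period: `takeover other users accounts and elevate their privileges`. I would write `to take over other users' accounts and elevate their privileges.` instead. The `severity: high` context line is unchanged although the text now describes unauthenticated account takeover. The classification block is outside this hunk, so it is worth checking that the severity and CVSS fields still agree with the new wording.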
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37546 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c384f05-96dd-47bb-822d-16212527091a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-50516-8a347587322ab61994f1c313f3ae4f6a.yaml b/nuclei-templates/2024/CVE-2024-50516-8a347587322ab61994f1c313f3ae4f6a.yaml index f0179b377b..b8fd54a744 100644 --- a/nuclei-templates/2024/CVE-2024-50516-8a347587322ab61994f1c313f3ae4f6a.yaml +++ b/nuclei-templates/2024/CVE-2024-50516-8a347587322ab61994f1c313f3ae4f6a.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-50516-8a347587322ab61994f1c313f3ae4f6a info: name: > - Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting + Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/99a24c92-b6e5-4bbd-8cd8-1f95f47d3675?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.8.2') \ No newline at end of file + - compare_versions(version, '<= 2.8.3') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-50523-875f660285e845ef86c0bca34d1cc917.yaml b/nuclei-templates/2024/CVE-2024-50523-875f660285e845ef86c0bca34d1cc917.yaml index f31f56ae41..b1051fd832 100644 --- a/nuclei-templates/2024/CVE-2024-50523-875f660285e845ef86c0bca34d1cc917.yaml +++ b/nuclei-templates/2024/CVE-2024-50523-875f660285e845ef86c0bca34d1cc917.yaml @@ -2,11 +2,11 @@ id: CVE-2024-50523-875f660285e845ef86c0bca34d1cc917 info: name: > - All Post Contact Form <= 1.7.3 - Unauthenticated Arbitrary File Upload + All Post Contact Form <= 1.7.9 - Unauthenticated Arbitrary File Upload author: topscoder severity: critical description: > - The All Post Contact Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + The All Post Contact Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/508ff025-d1ab-4c8d-ac39-078023c4b5ce?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.7.3') \ No newline at end of file + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-50524-ddf41d1b997ea09580c98f73ca1d2989.yaml b/nuclei-templates/2024/CVE-2024-50524-ddf41d1b997ea09580c98f73ca1d2989.yaml index 54a73746cf..32d832334f 100644 --- a/nuclei-templates/2024/CVE-2024-50524-ddf41d1b997ea09580c98f73ca1d2989.yaml 
+++ b/nuclei-templates/2024/CVE-2024-50524-ddf41d1b997ea09580c98f73ca1d2989.yaml @@ -2,11 +2,11 @@ id: CVE-2024-50524-ddf41d1b997ea09580c98f73ca1d2989 info: name: > - Administrator Z <= 2024.11.02 - Authenticated (Subscriber+) SQL Injection + Administrator Z <= 2025.01.11 - Authenticated (Subscriber+) SQL Injection author: topscoder severity: low description: > - The Administrator Z plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2024.11.02 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Administrator Z plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2025.01.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bea473d-f97b-4646-9221-deb63e0efe98?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2024.11.02') \ No newline at end of file + - compare_versions(version, '<= 2025.01.11') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-51582-371e0714c2294a4e57c4f668aa80dc04.yaml b/nuclei-templates/2024/CVE-2024-51582-371e0714c2294a4e57c4f668aa80dc04.yaml index f63f48fa8a..6065757e13 100644 --- a/nuclei-templates/2024/CVE-2024-51582-371e0714c2294a4e57c4f668aa80dc04.yaml 
+++ b/nuclei-templates/2024/CVE-2024-51582-371e0714c2294a4e57c4f668aa80dc04.yaml @@ -2,11 +2,11 @@ id: CVE-2024-51582-371e0714c2294a4e57c4f668aa80dc04 info: name: > - WP Hotel Booking <= 2.1.4 - Authenticated (Contributor+) Local File Inclusion + WP Hotel Booking <= 2.1.7 - Authenticated (Contributor+) Local File Inclusion author: topscoder severity: low description: > - The WP Hotel Booking plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The WP Hotel Booking plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fcef7c3-25a5-44e1-96c1-68e67e59f18b?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.1.4') \ No newline at end of file + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-51585-63d85147d28871503a5b10cd3f86db7b.yaml b/nuclei-templates/2024/CVE-2024-51585-63d85147d28871503a5b10cd3f86db7b.yaml index d2b8b71f95..60d5ef0580 100644 
--- a/nuclei-templates/2024/CVE-2024-51585-63d85147d28871503a5b10cd3f86db7b.yaml +++ b/nuclei-templates/2024/CVE-2024-51585-63d85147d28871503a5b10cd3f86db7b.yaml @@ -2,11 +2,11 @@ id: CVE-2024-51585-63d85147d28871503a5b10cd3f86db7b info: name: > - Sales Page Addon – Elementor & Beaver Builder <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + Sales Page Addon – Elementor & Beaver Builder <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Sales Page Addon – Elementor & Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Sales Page Addon – Elementor & Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3d14467-0c1d-4741-b533-37b9605c5fde?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.4.2') \ No newline at end of file + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-51683-4ebdc98b4b70311da127206b7d6c8a7b.yaml b/nuclei-templates/2024/CVE-2024-51683-4ebdc98b4b70311da127206b7d6c8a7b.yaml index 082f96d780..af6372098a 100644 --- a/nuclei-templates/2024/CVE-2024-51683-4ebdc98b4b70311da127206b7d6c8a7b.yaml 
+++ b/nuclei-templates/2024/CVE-2024-51683-4ebdc98b4b70311da127206b7d6c8a7b.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.10.1') \ No newline at end of file + - compare_versions(version, '>= 1.10.0', '<= 1.10.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-5179-d88c7d128e6de5f83286573693a4bbde.yaml b/nuclei-templates/2024/CVE-2024-5179-d88c7d128e6de5f83286573693a4bbde.yaml index a1a8d02600..f5aaf40e1c 100644 --- a/nuclei-templates/2024/CVE-2024-5179-d88c7d128e6de5f83286573693a4bbde.yaml +++ b/nuclei-templates/2024/CVE-2024-5179-d88c7d128e6de5f83286573693a4bbde.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. CVE-2024-37419 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd6acc9-b7df-4cf8-a211-1e39f3abcf79?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-51794-640904490f59aba204af7c9db019b584.yaml b/nuclei-templates/2024/CVE-2024-51794-640904490f59aba204af7c9db019b584.yaml index 764ad963aa..552779bec8 100644 --- a/nuclei-templates/2024/CVE-2024-51794-640904490f59aba204af7c9db019b584.yaml +++ b/nuclei-templates/2024/CVE-2024-51794-640904490f59aba204af7c9db019b584.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-51794-640904490f59aba204af7c9db019b584 info: name: > - Storely <= 14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + Storely <= 15.6 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f96b23e5-b5f3-4e54-8955-b499648b5675?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 14.7') \ No newline at end of file + - compare_versions(version, '<= 15.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-51869-2c4631b671fb2a01a68fff05d6c8f340.yaml b/nuclei-templates/2024/CVE-2024-51869-2c4631b671fb2a01a68fff05d6c8f340.yaml index 51fc0523bd..e5cde5d663 100644 --- a/nuclei-templates/2024/CVE-2024-51869-2c4631b671fb2a01a68fff05d6c8f340.yaml +++ b/nuclei-templates/2024/CVE-2024-51869-2c4631b671fb2a01a68fff05d6c8f340.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-51869-2c4631b671fb2a01a68fff05d6c8f340 info: name: > - Gutenium Blocks <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + Gutenium Blocks <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Gutenium Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Gutenium Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/338003bb-0569-4b9b-aa98-37153fb7e9c3?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.5') \ No newline at end of file + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-51883-229b07fbb702aa78e911a90486c2623d.yaml b/nuclei-templates/2024/CVE-2024-51883-229b07fbb702aa78e911a90486c2623d.yaml index c0f6b6bb66..8020d94600 100644 --- a/nuclei-templates/2024/CVE-2024-51883-229b07fbb702aa78e911a90486c2623d.yaml +++ b/nuclei-templates/2024/CVE-2024-51883-229b07fbb702aa78e911a90486c2623d.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-51883-229b07fbb702aa78e911a90486c2623d info: name: > - I Plant A Tree <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + I Plant A Tree <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The I Plant A Tree plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The I Plant A Tree plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d82a7e-abf0-4698-898d-4bbd79d36321?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.7.3') \ No newline at end of file + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52414-87abb37759cdcb3812270d5c064c7887.yaml b/nuclei-templates/2024/CVE-2024-52414-87abb37759cdcb3812270d5c064c7887.yaml index a23a024dff..6285b961ad 100644 --- a/nuclei-templates/2024/CVE-2024-52414-87abb37759cdcb3812270d5c064c7887.yaml +++ b/nuclei-templates/2024/CVE-2024-52414-87abb37759cdcb3812270d5c064c7887.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52414-87abb37759cdcb3812270d5c064c7887 info: name: > - WDES Responsive Mobile Menu <= 5.3.18 - Unauthenticated PHP Object Injection + WDES Responsive Mobile Menu <= 1.2.5 - Unauthenticated PHP Object Injection author: topscoder severity: critical description: > - The WDES Responsive Mobile Menu plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.3.18 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The WDES Responsive Mobile Menu plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/87c7fe1a-c7d3-4d95-b3ed-da08c7428ad1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 5.3.18') \ No newline at end of file + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52420-81bc5a61585a6be99b4ca88e9470f9af.yaml b/nuclei-templates/2024/CVE-2024-52420-81bc5a61585a6be99b4ca88e9470f9af.yaml index da42b60231..7097f7d715 100644 --- a/nuclei-templates/2024/CVE-2024-52420-81bc5a61585a6be99b4ca88e9470f9af.yaml 
+++ b/nuclei-templates/2024/CVE-2024-52420-81bc5a61585a6be99b4ca88e9470f9af.yaml @@ -2,11 +2,11 @@ id: CVE-2024-52420-81bc5a61585a6be99b4ca88e9470f9af info: name: > - Disable Admin Notices individually <= 1.3.5 - Cross-Site Request Forgery + Disable Admin Notices individually <= 1.3.6 - Cross-Site Request Forgery author: topscoder severity: medium description: > - The Disable Admin Notices individually plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Disable Admin Notices individually plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4454f002-0d31-4023-9a44-bb8f3050e233?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.5') \ No newline at end of file + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52426-c429ca186a399d3507616b1404f97c62.yaml b/nuclei-templates/2024/CVE-2024-52426-c429ca186a399d3507616b1404f97c62.yaml index ed740ac2ed..9fc6bf54c3 100644 --- a/nuclei-templates/2024/CVE-2024-52426-c429ca186a399d3507616b1404f97c62.yaml +++ b/nuclei-templates/2024/CVE-2024-52426-c429ca186a399d3507616b1404f97c62.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52426-c429ca186a399d3507616b1404f97c62 info: name: > - Linear <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + Linear <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae9ff893-9a56-4e3b-805a-76ce48fb718f?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.7.11') \ No newline at end of file + - compare_versions(version, '<= 2.7.12') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52439-35cb0853a6edce5bd80faddba07efa2e.yaml b/nuclei-templates/2024/CVE-2024-52439-35cb0853a6edce5bd80faddba07efa2e.yaml index fc6aabf6d7..d3c21032b5 100644 --- a/nuclei-templates/2024/CVE-2024-52439-35cb0853a6edce5bd80faddba07efa2e.yaml +++ b/nuclei-templates/2024/CVE-2024-52439-35cb0853a6edce5bd80faddba07efa2e.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52439-35cb0853a6edce5bd80faddba07efa2e info: name: > - Team Rosters <= 4.6 - Unauthenticated PHP Object Injection + Team Rosters <= 4.7 - Unauthenticated PHP Object Injection author: topscoder severity: critical description: > - The Team Rosters plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The Team Rosters plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.7 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/311636d5-e990-4cdd-af1c-8b9610afa73e?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.6') \ No newline at end of file + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52446-3c695c8b04b73e79366d5f8b8cd23c97.yaml b/nuclei-templates/2024/CVE-2024-52446-3c695c8b04b73e79366d5f8b8cd23c97.yaml index 4d46633458..ee513979ae 100644 --- a/nuclei-templates/2024/CVE-2024-52446-3c695c8b04b73e79366d5f8b8cd23c97.yaml +++ b/nuclei-templates/2024/CVE-2024-52446-3c695c8b04b73e79366d5f8b8cd23c97.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52446-3c695c8b04b73e79366d5f8b8cd23c97 info: name: > - Buying Buddy IDX CRM <= 1.1.12 - Cross-Site Request Forgery to PHP Object Injection + Buying Buddy IDX CRM <= 1.2 - Cross-Site Request Forgery to PHP Object Injection author: topscoder severity: medium description: > - The Buying Buddy IDX CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.12. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to inject an object and execute magic methods in cases where a POP chain is present via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Buying Buddy IDX CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to inject an object and execute magic methods in cases where a POP chain is present via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e2423b3-1246-4733-8443-69786d532b4a?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.1.12') \ No newline at end of file + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52468-bcca59c28f5bbd61a03d862dfc0a688c.yaml b/nuclei-templates/2024/CVE-2024-52468-bcca59c28f5bbd61a03d862dfc0a688c.yaml index de22e158ac..41218f06c9 100644 --- a/nuclei-templates/2024/CVE-2024-52468-bcca59c28f5bbd61a03d862dfc0a688c.yaml +++ b/nuclei-templates/2024/CVE-2024-52468-bcca59c28f5bbd61a03d862dfc0a688c.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52468-bcca59c28f5bbd61a03d862dfc0a688c info: name: > - LeadBoxer <= 1.2 - Unauthenticated Cross-Site Scripting + LeadBoxer <= 1.3 - Reflected Cross-Site Scripting author: topscoder - severity: high + severity: medium description: > - The LeadBoxer plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible forunauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. + The LeadBoxer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/40dc5db4-0907-48bf-a483-0da40589107d?source=api-prod @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/leadboxer/" google-query: inurl:"/wp-content/plugins/leadboxer/" shodan-query: 'vuln:CVE-2024-52468' - tags: cve,wordpress,wp-plugin,leadboxer,high + tags: cve,wordpress,wp-plugin,leadboxer,medium http: - method: GET @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2') \ No newline at end of file + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52472-048cf5884fc33e49c20b60e622ee6953.yaml b/nuclei-templates/2024/CVE-2024-52472-048cf5884fc33e49c20b60e622ee6953.yaml index 7126072fed..4119b58e5a 100644 --- a/nuclei-templates/2024/CVE-2024-52472-048cf5884fc33e49c20b60e622ee6953.yaml +++ b/nuclei-templates/2024/CVE-2024-52472-048cf5884fc33e49c20b60e622ee6953.yaml 
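Review bot: The `classification` block is not updated along with the rating: `severity:` and the last tag drop from high to medium, but `cvss-metrics` and `cvss-score` sit between the two hunks and are untouched. They presumably still carry the vector and score from the earlier "Unauthenticated Cross-Site Scripting" record, which would leave a medium severity next to a high-range score. Consumers that triage on `cvss-score` rather than `severity` would then rank this finding differently from those that read the tag. Refresh both classification fields from the Wordfence record in `reference`, or add a comment above `classification:` saying why they differ.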
@@ -2,11 +2,11 @@ id: CVE-2024-52472-048cf5884fc33e49c20b60e622ee6953 info: name: > - Weather Atlas Widget <= 3.0.1 - Unauthenticated Cross-Site Scripting + Weather Atlas Widget <= 3.0.2 - Unauthenticated Cross-Site Scripting author: topscoder severity: high description: > - The Weather Atlas Widget plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible forunauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. + The Weather Atlas Widget plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible forunauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/09c4412f-69ea-4214-ae07-6b6b8ff1c101?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.0.1') \ No newline at end of file + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-52485-c49a8c83d4b80672ff8c5ba8e89187b3.yaml b/nuclei-templates/2024/CVE-2024-52485-c49a8c83d4b80672ff8c5ba8e89187b3.yaml index 7cacde74a6..65ec366644 100644 --- a/nuclei-templates/2024/CVE-2024-52485-c49a8c83d4b80672ff8c5ba8e89187b3.yaml +++ b/nuclei-templates/2024/CVE-2024-52485-c49a8c83d4b80672ff8c5ba8e89187b3.yaml 
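Review bot: The rewritten description line still reads `possible forunauthenticated attackers`, with the space missing. Since the hunk already replaces that line for the 3.0.2 bound, correct it to `possible for unauthenticated attackers`. The LeadBoxer template (CVE-2024-52468) in this same commit already uses the corrected wording.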
@@ -2,11 +2,11 @@ id: CVE-2024-52485-c49a8c83d4b80672ff8c5ba8e89187b3 info: name: > - WP Menu Image <= 2.2 - Missing Authorization + WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion author: topscoder severity: high description: > - The WP Menu Image plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. + The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c584f15-34ab-4577-a94d-d0976cc06f3a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-52488-ca29ee5d90a88338176b4c8537b40a81.yaml b/nuclei-templates/2024/CVE-2024-52488-ca29ee5d90a88338176b4c8537b40a81.yaml index cf3e08bb48..10411606d9 100644 --- a/nuclei-templates/2024/CVE-2024-52488-ca29ee5d90a88338176b4c8537b40a81.yaml +++ b/nuclei-templates/2024/CVE-2024-52488-ca29ee5d90a88338176b4c8537b40a81.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52488-ca29ee5d90a88338176b4c8537b40a81 info: name: > - AccessPress Staple <= 1.9.1 and Grip <= 1.0.9 - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation + Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation author: topscoder severity: low description: > - The AccessPress Staple theme and Grip theme for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 1.9.1 (AccessPress Staple) and 1.0.9 (Grip). This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate arbitrary plugins, which may make arbitrary code execution possible. + Several themes are vulnerable to unauthorized access to functionality in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate arbitrary plugins, which may make arbitrary code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b086aec-3af4-4498-bb7d-dd6f6d264be7?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-52491-20657aee3fad2c25e1a5fa8f583944ea.yaml b/nuclei-templates/2024/CVE-2024-52491-20657aee3fad2c25e1a5fa8f583944ea.yaml index 215e6f2f89..782ebcaf82 100644 --- a/nuclei-templates/2024/CVE-2024-52491-20657aee3fad2c25e1a5fa8f583944ea.yaml +++ b/nuclei-templates/2024/CVE-2024-52491-20657aee3fad2c25e1a5fa8f583944ea.yaml 
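Review bot: The new `name` and `description` no longer say which theme or version bound this template checks ("Multiple Themes", "various versions"). The request path and `compare_versions` matcher are outside the hunk and presumably still target one specific theme and bound. A finding from this template would then not tell the reader which product was matched without opening the YAML. Keep the advisory title but record the target in a comment above `name:`, for example `# checks: <theme-slug> <= <bound>` (placeholder, to be filled from the matcher). The same applies to both CVE-2024-5324 templates in this commit, which now also share an identical `name` and differ only by the hash in `id`.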
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Sticky Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + The Sticky Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. CVE-2024-10551 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dbacaae-1d41-4d29-b477-e624822e287d?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-52495-bed1690580635619eec51722f0312737.yaml b/nuclei-templates/2024/CVE-2024-52495-bed1690580635619eec51722f0312737.yaml index 827500cd27..400d309847 100644 --- a/nuclei-templates/2024/CVE-2024-52495-bed1690580635619eec51722f0312737.yaml +++ b/nuclei-templates/2024/CVE-2024-52495-bed1690580635619eec51722f0312737.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-52495-bed1690580635619eec51722f0312737 info: name: > - Distance Based Shipping Calculator <= 2.0.21 - Authenticated (Subscriber+) SQL Injection + Distance Based Shipping Calculator <= 2.0.22 - Authenticated (Subscriber+) SQL Injection author: topscoder severity: low description: > - The Distance Based Shipping Calculator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Distance Based Shipping Calculator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2741ec8c-7bd3-42f9-b964-4532216e1cea?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.0.21') \ No newline at end of file + - compare_versions(version, '<= 2.0.22') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-5324-2e6cedc84defe4a367a014c23cc19290.yaml b/nuclei-templates/2024/CVE-2024-5324-2e6cedc84defe4a367a014c23cc19290.yaml new file mode 100644 index 0000000000..641d0e1408 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-5324-2e6cedc84defe4a367a014c23cc19290.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-5324-2e6cedc84defe4a367a014c23cc19290 + +info: + name: > + XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: low + description: > + Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-5324 + metadata: + fofa-query: "wp-content/plugins/mobile-login-woocommerce/" + google-query: inurl:"/wp-content/plugins/mobile-login-woocommerce/" + shodan-query: 'vuln:CVE-2024-5324' + tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-login-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-login-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file 
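Review bot: `severity: low` and the trailing `low` tag disagree with the `classification` block in the same file, which gives `cvss-score: 8.8` with `C:H/I:H/A:H`. They also disagree with the description, which says a Subscriber can set the default role for new users to Administrator. Anyone running scans with a severity threshold would filter this finding out. If low is a deliberate generator convention for issues that need an account, say so in a comment next to `severity:`; otherwise use `severity: high` and `tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,high`. Note also that the match rests only on the readme's `Stable tag`, so a hit is a version indicator to verify, not proof that the `import_settings` path is reachable.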
diff --git a/nuclei-templates/2024/CVE-2024-5324-f62a2b5d8ff5fddc7cbc75a5c73ab123.yaml b/nuclei-templates/2024/CVE-2024-5324-f62a2b5d8ff5fddc7cbc75a5c73ab123.yaml index cd1ed4af98..f55add5975 100644 --- a/nuclei-templates/2024/CVE-2024-5324-f62a2b5d8ff5fddc7cbc75a5c73ab123.yaml +++ b/nuclei-templates/2024/CVE-2024-5324-f62a2b5d8ff5fddc7cbc75a5c73ab123.yaml @@ -2,11 +2,11 @@ id: CVE-2024-5324-f62a2b5d8ff5fddc7cbc75a5c73ab123 info: name: > - Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update + XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update author: topscoder severity: low description: > - The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator. + Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml b/nuclei-templates/2024/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml index af31563179..937ce444c0 100644 
--- a/nuclei-templates/2024/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml +++ b/nuclei-templates/2024/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml @@ -2,11 +2,11 @@ id: CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef info: name: > - Elementor Button Plus <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + Elementor Button Plus <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Elementor Button Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Elementor Button Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f6c69ca-eb1e-445a-af72-5f03dfa07f9b?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.3.3') \ No newline at end of file + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml b/nuclei-templates/2024/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml index b441125385..b336f623c4 100644 --- a/nuclei-templates/2024/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml +++ b/nuclei-templates/2024/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc info: name: > - Post Carousel Slider for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + Post Carousel Slider for Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c205041a-01c9-44cd-8270-dafae2a78cbf?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.4.0') \ No newline at end of file + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml b/nuclei-templates/2024/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml index deaa233dd3..b07696429f 100644 --- a/nuclei-templates/2024/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml +++ b/nuclei-templates/2024/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407 info: name: > - Mail Picker <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + Mail Picker <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Mail Picker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Mail Picker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b4de145-bff1-4265-97bf-4085b4112a66?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.14') \ No newline at end of file + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml b/nuclei-templates/2024/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml index 94d7023254..8e2b5680d8 100644 --- a/nuclei-templates/2024/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml +++ b/nuclei-templates/2024/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-53793 metadata: - fofa-query: "wp-content/plugins/Plugin/" - google-query: inurl:"/wp-content/plugins/Plugin/" + fofa-query: "wp-content/plugins/edoc-easy-tables/" + google-query: inurl:"/wp-content/plugins/edoc-easy-tables/" shodan-query: 'vuln:CVE-2024-53793' - tags: cve,wordpress,wp-plugin,Plugin,medium + tags: cve,wordpress,wp-plugin,edoc-easy-tables,medium http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/Plugin/readme.txt" + - "{{BaseURL}}/wp-content/plugins/edoc-easy-tables/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "Plugin" + - "edoc-easy-tables" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-53800-7c441afda7338e999eface7f6dd1f1e5.yaml b/nuclei-templates/2024/CVE-2024-53800-7c441afda7338e999eface7f6dd1f1e5.yaml index a9cd3efa11..c2c9c17c52 100644 --- a/nuclei-templates/2024/CVE-2024-53800-7c441afda7338e999eface7f6dd1f1e5.yaml +++ b/nuclei-templates/2024/CVE-2024-53800-7c441afda7338e999eface7f6dd1f1e5.yaml 
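Review bot: The word matcher in the second hunk now requires the literal slug `edoc-easy-tables` in the body of `readme.txt`, but a readme is not guaranteed to contain its own directory slug (it normally carries the display name in the `=== ... ===` title), so an affected install may fail to match. The request path already pins the slug, so the matcher would be safer on text a plugin readme is expected to have, e.g. `- "Stable tag:"`, provided that fits the extractor regex, which is outside this hunk. The same slug-as-word pattern is introduced for `seraphinite-accelerator-ext` in CVE-2024-54222 and `modern-events-calendar-lite` in CVE-2024-5441. How the matchers are combined is not visible here, so a run against a known install would settle it.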
@@ -2,11 +2,11 @@ id: CVE-2024-53800-7c441afda7338e999eface7f6dd1f1e5 info: name: > - Rezgo Online Booking <= 4.1.5 - Unauthenticated Local File Inclusion + Rezgo Online Booking <= 4.16 - Unauthenticated Local File Inclusion author: topscoder severity: critical description: > - The Rezgo Online Booking plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.15. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The Rezgo Online Booking plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.16. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/14bc8256-227e-409a-b853-9157416b46ea?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.15') \ No newline at end of file + - compare_versions(version, '<= 4.16') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54222-6221aed85ca9e1e11a4147fbbaa555a0.yaml b/nuclei-templates/2024/CVE-2024-54222-6221aed85ca9e1e11a4147fbbaa555a0.yaml index d43257cdb4..750faa89ae 100644 --- a/nuclei-templates/2024/CVE-2024-54222-6221aed85ca9e1e11a4147fbbaa555a0.yaml +++ b/nuclei-templates/2024/CVE-2024-54222-6221aed85ca9e1e11a4147fbbaa555a0.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 4.3 cve-id: CVE-2024-54222 metadata: - fofa-query: "wp-content/plugins/seraphinite-accelerator/" - google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + fofa-query: "wp-content/plugins/seraphinite-accelerator-ext/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator-ext/" shodan-query: 'vuln:CVE-2024-54222' - tags: cve,wordpress,wp-plugin,seraphinite-accelerator,low + tags: cve,wordpress,wp-plugin,seraphinite-accelerator-ext,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator-ext/readme.txt" extractors: - type: regex @@ -51,9 +51,9 @@ http: - type: word words: - - "seraphinite-accelerator" + - "seraphinite-accelerator-ext" part: body - type: dsl dsl: - - compare_versions(version, '<= 2.22.15') \ No newline at end of file + - compare_versions(version, '<= 2.21.13') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54230-421f5bcea4b13be62429fcb8ab498858.yaml b/nuclei-templates/2024/CVE-2024-54230-421f5bcea4b13be62429fcb8ab498858.yaml index 329ab34eff..b92982196b 100644 --- a/nuclei-templates/2024/CVE-2024-54230-421f5bcea4b13be62429fcb8ab498858.yaml +++ b/nuclei-templates/2024/CVE-2024-54230-421f5bcea4b13be62429fcb8ab498858.yaml 
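Review bot: The rewritten `tags` line keeps the `low` severity tag next to `cvss-score: 4.3`, which is Medium on the CVSS v3 scale, and the CVE-2024-53793 template in this same diff tags the same score `medium`. Anyone selecting templates by severity tag will treat this one differently from its peer; the line should read `tags: cve,wordpress,wp-plugin,seraphinite-accelerator-ext,medium`, and `severity:` above the hunk should agree if it also says low. The CVE-2024-5441 hunk has the larger gap: `cvss-score: 8.8` (High) with a tag list ending in `modern-events-calendar-lite,low`.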
@@ -2,11 +2,11 @@ id: CVE-2024-54230-421f5bcea4b13be62429fcb8ab498858 info: name: > - Unlock Addons for Elementor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + Unlock Addons for Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Unlock Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Unlock Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/62f1635a-cb94-4c5e-a1f6-90a1eeb38968?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.0') \ No newline at end of file + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54251-4675c5cbd2d4490266ac6406a9506a12.yaml b/nuclei-templates/2024/CVE-2024-54251-4675c5cbd2d4490266ac6406a9506a12.yaml index 76a67dc4aa..a4b9a770c9 100644 --- a/nuclei-templates/2024/CVE-2024-54251-4675c5cbd2d4490266ac6406a9506a12.yaml +++ b/nuclei-templates/2024/CVE-2024-54251-4675c5cbd2d4490266ac6406a9506a12.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54251-4675c5cbd2d4490266ac6406a9506a12 info: name: > - Prodigy Commerce <= 3.0.9 - Missing Authorization + Prodigy Commerce <= 3.1.2 - Missing Authorization author: topscoder severity: low description: > - The Prodigy Commerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + The Prodigy Commerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/dea4a7f4-e075-45d9-bf71-f411f4ce30df?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.0.9') \ No newline at end of file + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54260-174ca9070168a4655d9261554d70d98e.yaml b/nuclei-templates/2024/CVE-2024-54260-174ca9070168a4655d9261554d70d98e.yaml index 413ee432a1..a351200e40 100644 --- a/nuclei-templates/2024/CVE-2024-54260-174ca9070168a4655d9261554d70d98e.yaml +++ b/nuclei-templates/2024/CVE-2024-54260-174ca9070168a4655d9261554d70d98e.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54260-174ca9070168a4655d9261554d70d98e info: name: > - News Kit Elementor Addons <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + News Kit Elementor Addons <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The News Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The News Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/df96f58a-bc6e-47e7-a465-4aebdb264512?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2.2') \ No newline at end of file + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54286-10ca93dbf7ece7c7c37f6010a0f561c9.yaml b/nuclei-templates/2024/CVE-2024-54286-10ca93dbf7ece7c7c37f6010a0f561c9.yaml index 97c13b1beb..b4774c6683 100644 --- a/nuclei-templates/2024/CVE-2024-54286-10ca93dbf7ece7c7c37f6010a0f561c9.yaml +++ b/nuclei-templates/2024/CVE-2024-54286-10ca93dbf7ece7c7c37f6010a0f561c9.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54286-10ca93dbf7ece7c7c37f6010a0f561c9 info: name: > - Smaily for WP <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + Smaily for WP <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Smaily for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Smaily for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/5490773f-8b04-4a4c-a9aa-3c10c5b2360d?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.1.2') \ No newline at end of file + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54288-4b136af1d995128cff38a7d7f45e69de.yaml b/nuclei-templates/2024/CVE-2024-54288-4b136af1d995128cff38a7d7f45e69de.yaml index 182c885dca..bac66be8d6 100644 --- a/nuclei-templates/2024/CVE-2024-54288-4b136af1d995128cff38a7d7f45e69de.yaml +++ b/nuclei-templates/2024/CVE-2024-54288-4b136af1d995128cff38a7d7f45e69de.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/917820b1-c6a6-4afd-9009-60fc1c0a39d8?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-54290-3f2a88b12197b8d4425add019099a873.yaml b/nuclei-templates/2024/CVE-2024-54290-3f2a88b12197b8d4425add019099a873.yaml index 21e4d357e8..95d4703a4f 100644 --- a/nuclei-templates/2024/CVE-2024-54290-3f2a88b12197b8d4425add019099a873.yaml +++ b/nuclei-templates/2024/CVE-2024-54290-3f2a88b12197b8d4425add019099a873.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54290-3f2a88b12197b8d4425add019099a873 info: name: > - Role Includer <= 1.6 - Reflected Cross-Site Scripting + Role Includer <= 1.6 - Reflected Cross-Site Scripting via user_id Parameter author: topscoder severity: medium description: > - The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc21e14-30f4-474f-9740-0cb4fe110f70?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-54296-e653bc9078dacc5f6765c423a036a875.yaml b/nuclei-templates/2024/CVE-2024-54296-e653bc9078dacc5f6765c423a036a875.yaml index 8536ec0787..de6697d5d8 100644 --- a/nuclei-templates/2024/CVE-2024-54296-e653bc9078dacc5f6765c423a036a875.yaml +++ b/nuclei-templates/2024/CVE-2024-54296-e653bc9078dacc5f6765c423a036a875.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54296-e653bc9078dacc5f6765c423a036a875 info: name: > - CoSchool LMS <= 1.2 - Missing Authorization to Privilege Escalation + CoSchool LMS <= 1.3 - Missing Authorization to Privilege Escalation author: topscoder severity: high description: > - The CoSchool LMS – A complete Learning Management System to Create and Sell Your Courses Online plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to elevate their privilege level and gain access to administrator accounts. + The CoSchool LMS – A complete Learning Management System to Create and Sell Your Courses Online plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to elevate their privilege level and gain access to administrator accounts. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ef13f92-ae45-411a-b7b4-cdaf299afc8a?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2') \ No newline at end of file + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-54376-944a6ac87fcc74845570439445e121a1.yaml b/nuclei-templates/2024/CVE-2024-54376-944a6ac87fcc74845570439445e121a1.yaml index e3e7ba476d..928fb010d2 100644 --- a/nuclei-templates/2024/CVE-2024-54376-944a6ac87fcc74845570439445e121a1.yaml +++ b/nuclei-templates/2024/CVE-2024-54376-944a6ac87fcc74845570439445e121a1.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-54376-944a6ac87fcc74845570439445e121a1 info: name: > - EazyDocs <= 2.5.6 - Authenticated (Contributor+) Local File Inclusion + EazyDocs <= 2.5.8 - Authenticated (Contributor+) Local File Inclusion author: topscoder severity: low description: > - The EazyDocs plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.5.6. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + The EazyDocs plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.5.8. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/61bc71cf-aeaf-4f33-8367-68d5e8ea442c?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.5.6') \ No newline at end of file + - compare_versions(version, '<= 2.5.8') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-5441-ac5094c9721ab0d78dbe312bf4fbf927.yaml b/nuclei-templates/2024/CVE-2024-5441-ac5094c9721ab0d78dbe312bf4fbf927.yaml index 7c9e2febb7..0bd24bea31 100644 --- a/nuclei-templates/2024/CVE-2024-5441-ac5094c9721ab0d78dbe312bf4fbf927.yaml +++ b/nuclei-templates/2024/CVE-2024-5441-ac5094c9721ab0d78dbe312bf4fbf927.yaml 
@@ -15,17 +15,17 @@ info: cvss-score: 8.8 cve-id: CVE-2024-5441 metadata: - fofa-query: "wp-content/plugins/modern-events-calendar/" - google-query: inurl:"/wp-content/plugins/modern-events-calendar/" + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" shodan-query: 'vuln:CVE-2024-5441' - tags: cve,wordpress,wp-plugin,modern-events-calendar,low + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/modern-events-calendar/readme.txt" + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "modern-events-calendar" + - "modern-events-calendar-lite" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-5554-cf240214e36f2618007c70ec29b07ee2.yaml b/nuclei-templates/2024/CVE-2024-5554-cf240214e36f2618007c70ec29b07ee2.yaml index d2c055d2ac..45201684d0 100644 --- a/nuclei-templates/2024/CVE-2024-5554-cf240214e36f2618007c70ec29b07ee2.yaml +++ b/nuclei-templates/2024/CVE-2024-5554-cf240214e36f2618007c70ec29b07ee2.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-39667 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/696c379a-c5a4-489f-8363-8aea9a4da814?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-5578-ceba0fed934cd22fd5074d4da68640cb.yaml b/nuclei-templates/2024/CVE-2024-5578-ceba0fed934cd22fd5074d4da68640cb.yaml index d643055713..628c8cab01 100644 --- a/nuclei-templates/2024/CVE-2024-5578-ceba0fed934cd22fd5074d4da68640cb.yaml +++ b/nuclei-templates/2024/CVE-2024-5578-ceba0fed934cd22fd5074d4da68640cb.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-5578-ceba0fed934cd22fd5074d4da68640cb info: name: > - Table of Contents Plus <= 2408 - Authenticated (Editor+) Stored Cross-Site Scripting + Table of Contents Plus <= 2411 - Authenticated (Editor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2408 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2411 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1ae8f2-dd2e-46f9-bef1-aaaee26435a1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2408') \ No newline at end of file + - compare_versions(version, '<= 2411') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-55981-df7d9e6829226bb31deae692e3438c99.yaml b/nuclei-templates/2024/CVE-2024-55981-df7d9e6829226bb31deae692e3438c99.yaml index a40aad742f..659f540bd8 100644 --- a/nuclei-templates/2024/CVE-2024-55981-df7d9e6829226bb31deae692e3438c99.yaml 
+++ b/nuclei-templates/2024/CVE-2024-55981-df7d9e6829226bb31deae692e3438c99.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '* - v1.00') \ No newline at end of file + - compare_versions(version, '<= v1.00') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-56208-dfc9ca8fc422a28f443bdc6b4eed2672.yaml b/nuclei-templates/2024/CVE-2024-56208-dfc9ca8fc422a28f443bdc6b4eed2672.yaml index 8a69f6d9a9..c8e22a5123 100644 --- a/nuclei-templates/2024/CVE-2024-56208-dfc9ca8fc422a28f443bdc6b4eed2672.yaml +++ b/nuclei-templates/2024/CVE-2024-56208-dfc9ca8fc422a28f443bdc6b4eed2672.yaml @@ -2,11 +2,11 @@ id: CVE-2024-56208-dfc9ca8fc422a28f443bdc6b4eed2672 info: name: > - NewsDaily <= 1.0.60 - Authenticated (Contributor+) Stored Cross-Site Scripting + NewsDaily <= 1.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The NewsDaily theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The NewsDaily theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fcf8baf-502f-4e72-b217-e80f7ca136df?source=api-prod 
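Review bot: The new bound `'<= v1.00'` keeps the `v` prefix, so the result depends on how `compare_versions` parses a prefixed constraint and on the form of the extracted `version`; the extractor is outside this hunk. If the extractor yields bare digits, writing the bound the same way, `- compare_versions(version, '<= 1.00')`, removes that dependency. The previous value `'* - v1.00'` does not look like a valid comparison, so this template may never have produced a match; a run against a known-affected and a known-fixed install before merging would confirm the new expression behaves as intended.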
@@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.0.60') \ No newline at end of file + - compare_versions(version, '<= 1.0.64') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-56220-f1f8310a6e8e71e505c22a349cd81af3.yaml b/nuclei-templates/2024/CVE-2024-56220-f1f8310a6e8e71e505c22a349cd81af3.yaml index f36eb8eaea..e2929185c9 100644 --- a/nuclei-templates/2024/CVE-2024-56220-f1f8310a6e8e71e505c22a349cd81af3.yaml +++ b/nuclei-templates/2024/CVE-2024-56220-f1f8310a6e8e71e505c22a349cd81af3.yaml @@ -2,11 +2,11 @@ id: CVE-2024-56220-f1f8310a6e8e71e505c22a349cd81af3 info: name: > - SSL Wireless SMS Notification <= 3.5.0 - Unauthenticated Privilege Escalation + SSL Wireless SMS Notification <= 3.7.3 - Unauthenticated Privilege Escalation author: topscoder severity: critical description: > - The SSL Wireless SMS Notification plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator. + The SSL Wireless SMS Notification plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7f3a48-d851-4533-967c-f0aa98bb85d1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.5.0') \ No newline at end of file + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-56234-ef58e097ab36f1ad3c8331ed46c4f4a7.yaml b/nuclei-templates/2024/CVE-2024-56234-ef58e097ab36f1ad3c8331ed46c4f4a7.yaml index 08ca96cd9b..a29ea772a5 100644 --- a/nuclei-templates/2024/CVE-2024-56234-ef58e097ab36f1ad3c8331ed46c4f4a7.yaml 
+++ b/nuclei-templates/2024/CVE-2024-56234-ef58e097ab36f1ad3c8331ed46c4f4a7.yaml @@ -2,11 +2,11 @@ id: CVE-2024-56234-ef58e097ab36f1ad3c8331ed46c4f4a7 info: name: > - VW Automobile Lite <= 2.1 - Missing Authorization + VW Automobile Lite <= 2.1.2 - Missing Authorization author: topscoder severity: low description: > - The VW Automobile Lite theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + The VW Automobile Lite theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1beb4ab-aa1d-47bb-8031-6e2974b844f5?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.1') \ No newline at end of file + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-5630-914f0b3c2b6c0410d9f770e5e5c6831d.yaml b/nuclei-templates/2024/CVE-2024-5630-914f0b3c2b6c0410d9f770e5e5c6831d.yaml index af6b42a165..9b74b3d433 100644 --- a/nuclei-templates/2024/CVE-2024-5630-914f0b3c2b6c0410d9f770e5e5c6831d.yaml +++ b/nuclei-templates/2024/CVE-2024-5630-914f0b3c2b6c0410d9f770e5e5c6831d.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible. + The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible. CVE-2024-0757 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/af4b659b-6a14-46bc-9ffe-6f118c6b1e8d?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6123-ce6110652213f8067611eb9c0e55f6b6.yaml b/nuclei-templates/2024/CVE-2024-6123-ce6110652213f8067611eb9c0e55f6b6.yaml index 563c5e49ee..d06a50f83d 100644 --- a/nuclei-templates/2024/CVE-2024-6123-ce6110652213f8067611eb9c0e55f6b6.yaml +++ b/nuclei-templates/2024/CVE-2024-6123-ce6110652213f8067611eb9c0e55f6b6.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.12.3') \ No newline at end of file + - compare_versions(version, '<= 2.13.3') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6172-6f916cda5c71e0097ffffcab466f9c16.yaml b/nuclei-templates/2024/CVE-2024-6172-6f916cda5c71e0097ffffcab466f9c16.yaml index 732477b2da..9e54f00edc 100644 --- a/nuclei-templates/2024/CVE-2024-6172-6f916cda5c71e0097ffffcab466f9c16.yaml +++ b/nuclei-templates/2024/CVE-2024-6172-6f916cda5c71e0097ffffcab466f9c16.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-37252 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/13629598-d45d-4ff5-aeb5-6ac881d25183?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6297-05b8b2a97ccecc2fd598cd6786810965.yaml b/nuclei-templates/2024/CVE-2024-6297-05b8b2a97ccecc2fd598cd6786810965.yaml index 54f7902d66..cbfae15aa2 100644 --- a/nuclei-templates/2024/CVE-2024-6297-05b8b2a97ccecc2fd598cd6786810965.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-05b8b2a97ccecc2fd598cd6786810965.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6297-112fbc053bc2ea7f9354c0c0a7417448.yaml b/nuclei-templates/2024/CVE-2024-6297-112fbc053bc2ea7f9354c0c0a7417448.yaml new file mode 100644 index 0000000000..477f813dd7 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-6297-112fbc053bc2ea7f9354c0c0a7417448.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-6297-112fbc053bc2ea7f9354c0c0a7417448 + +info: + name: > + Several WordPress.org Plugins <= Various Versions - Injected Backdoor + author: topscoder + severity: critical + description: > + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-6297 + metadata: + fofa-query: "wp-content/plugins/britetechs-companion/" + google-query: inurl:"/wp-content/plugins/britetechs-companion/" + shodan-query: 'vuln:CVE-2024-6297' + tags: cve,wordpress,wp-plugin,britetechs-companion,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/britetechs-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "britetechs-companion" + 
part: body + + - type: dsl + dsl: + - compare_versions(version, '2.2.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6297-12f3f0d7b4c362657df12785d74b31a2.yaml b/nuclei-templates/2024/CVE-2024-6297-12f3f0d7b4c362657df12785d74b31a2.yaml index ea977fd5cd..7d4cdabd1c 100644 --- a/nuclei-templates/2024/CVE-2024-6297-12f3f0d7b4c362657df12785d74b31a2.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-12f3f0d7b4c362657df12785d74b31a2.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
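Review bot: In the new template `CVE-2024-6297-112fbc053bc2ea7f9354c0c0a7417448` (britetechs-companion), a `critical` result rests only on the readme.txt `Stable tag` equalling 2.2.7. A match therefore shows that the site still serves the release named in the advisory, not that injected code or a rogue administrator is present, and a site that has since updated stops matching even if accounts were created earlier. The description already asks for an administrator-account check; I would carry that into the finding with an `info` entry such as `remediation: Update the plugin, then review administrator accounts and rotate the database credentials.` The bare constraint in `compare_versions(version, '2.2.7')` presumably means equality; writing `'= 2.2.7'` would make that explicit if the DSL accepts the operator. The same points apply to the other new CVE-2024-6297 files in this commit (ad-invalid-click-protector 1.2.9, pods 3.2.3, wp-server-stats 1.7.6).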
diff --git a/nuclei-templates/2024/CVE-2024-6297-135b83ae7b5977385164eaf862a03544.yaml b/nuclei-templates/2024/CVE-2024-6297-135b83ae7b5977385164eaf862a03544.yaml
new file mode 100644
index 0000000000..97bc0f76de
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-6297-135b83ae7b5977385164eaf862a03544.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-6297-135b83ae7b5977385164eaf862a03544 + +info: + name: > + Several WordPress.org Plugins <= Various Versions - Injected Backdoor + author: topscoder + severity: critical + description: > + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-6297 + metadata: + fofa-query: "wp-content/plugins/ad-invalid-click-protector/" + google-query: inurl:"/wp-content/plugins/ad-invalid-click-protector/" + shodan-query: 'vuln:CVE-2024-6297' + tags: cve,wordpress,wp-plugin,ad-invalid-click-protector,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-invalid-click-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"ad-invalid-click-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.2.9') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6297-1c3c2494bd2adb59cd5542230e2341a0.yaml b/nuclei-templates/2024/CVE-2024-6297-1c3c2494bd2adb59cd5542230e2341a0.yaml new file mode 100644 index 0000000000..4b5dc8a8f2 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-6297-1c3c2494bd2adb59cd5542230e2341a0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-6297-1c3c2494bd2adb59cd5542230e2341a0 + +info: + name: > + Several WordPress.org Plugins <= Various Versions - Injected Backdoor + author: topscoder + severity: critical + description: > + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-6297 + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:CVE-2024-6297' + tags: cve,wordpress,wp-plugin,pods,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.2.3') \ No 
newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6297-334c7b18f1f1c784829e186f91cae5fa.yaml b/nuclei-templates/2024/CVE-2024-6297-334c7b18f1f1c784829e186f91cae5fa.yaml new file mode 100644 index 0000000000..77d0544f6c --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-6297-334c7b18f1f1c784829e186f91cae5fa.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-6297-334c7b18f1f1c784829e186f91cae5fa + +info: + name: > + Several WordPress.org Plugins <= Various Versions - Injected Backdoor + author: topscoder + severity: critical + description: > + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-6297 + metadata: + fofa-query: "wp-content/plugins/simply-show-hooks/" + google-query: inurl:"/wp-content/plugins/simply-show-hooks/" + shodan-query: 'vuln:CVE-2024-6297' + tags: cve,wordpress,wp-plugin,simply-show-hooks,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-show-hooks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-show-hooks" + part: body + + - 
type: dsl + dsl: + - compare_versions(version, '>= 1.2.1', '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6297-344b0a0d69acaedd3de7b049efe18d05.yaml b/nuclei-templates/2024/CVE-2024-6297-344b0a0d69acaedd3de7b049efe18d05.yaml index d069a43e59..b72ebb113c 100644 --- a/nuclei-templates/2024/CVE-2024-6297-344b0a0d69acaedd3de7b049efe18d05.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-344b0a0d69acaedd3de7b049efe18d05.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
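Review bot: The matcher in the new simply-show-hooks template, `compare_versions(version, '>= 1.2.1', '<= 1.2.2')`, reports 1.2.1 as a critical hit, although the template's own description says the malicious copy of 1.2.1 was apparently never released and sites on 1.2.1 should be unaffected. As written, any install whose readme shows `Stable tag: 1.2.1` or `1.2.2` is flagged, which is likely to produce mostly false positives for this plugin. Either narrow the range to the version the advisory actually lists as affected, or lower the severity and add a comment such as `# version match only; 1.2.1 is also the patched release, confirm by inspecting plugin files and administrator accounts`.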
diff --git a/nuclei-templates/2024/CVE-2024-6297-7d6bd3bcb169bfc3eb1881a36596f9fd.yaml b/nuclei-templates/2024/CVE-2024-6297-7d6bd3bcb169bfc3eb1881a36596f9fd.yaml index 3abac2f93e..524ee30558 100644 --- a/nuclei-templates/2024/CVE-2024-6297-7d6bd3bcb169bfc3eb1881a36596f9fd.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-7d6bd3bcb169bfc3eb1881a36596f9fd.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-6297-9b20ab839c435a2425f980a5a8b2af99.yaml b/nuclei-templates/2024/CVE-2024-6297-9b20ab839c435a2425f980a5a8b2af99.yaml index 16f82751fb..20e9f29df1 100644 --- a/nuclei-templates/2024/CVE-2024-6297-9b20ab839c435a2425f980a5a8b2af99.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-9b20ab839c435a2425f980a5a8b2af99.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-6297-d1bf5e1c00eb6d3171ae96824517ba78.yaml b/nuclei-templates/2024/CVE-2024-6297-d1bf5e1c00eb6d3171ae96824517ba78.yaml index f5c76c95e9..c60a77e706 100644 --- a/nuclei-templates/2024/CVE-2024-6297-d1bf5e1c00eb6d3171ae96824517ba78.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-d1bf5e1c00eb6d3171ae96824517ba78.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-6297-e0e567a2373cf6d44037d8aabf954cd0.yaml b/nuclei-templates/2024/CVE-2024-6297-e0e567a2373cf6d44037d8aabf954cd0.yaml index bea01ccafc..3c27b22753 100644 --- a/nuclei-templates/2024/CVE-2024-6297-e0e567a2373cf6d44037d8aabf954cd0.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-e0e567a2373cf6d44037d8aabf954cd0.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-6297-f7e8ce900db202ce52caaec6a9410beb.yaml b/nuclei-templates/2024/CVE-2024-6297-f7e8ce900db202ce52caaec6a9410beb.yaml
new file mode 100644
index 0000000000..4481245b8a
--- /dev/null
+++ b/nuclei-templates/2024/CVE-2024-6297-f7e8ce900db202ce52caaec6a9410beb.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-6297-f7e8ce900db202ce52caaec6a9410beb + +info: + name: > + Several WordPress.org Plugins <= Various Versions - Injected Backdoor + author: topscoder + severity: critical + description: > + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-6297 + metadata: + fofa-query: "wp-content/plugins/wp-server-stats/" + google-query: inurl:"/wp-content/plugins/wp-server-stats/" + shodan-query: 'vuln:CVE-2024-6297' + tags: cve,wordpress,wp-plugin,wp-server-stats,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-server-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-server-stats" + part: body + + - type: dsl 
+ dsl: + - compare_versions(version, '1.7.6') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-6297-fb9991aaaddfee540d44def4bbad0b4e.yaml b/nuclei-templates/2024/CVE-2024-6297-fb9991aaaddfee540d44def4bbad0b4e.yaml index 36ad3f0af5..e00e5248dc 100644 --- a/nuclei-templates/2024/CVE-2024-6297-fb9991aaaddfee540d44def4bbad0b4e.yaml +++ b/nuclei-templates/2024/CVE-2024-6297-fb9991aaaddfee540d44def4bbad0b4e.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan. + Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. All plugins have received updates reverting any added malicious code. Simply Show Hooks affected version (1.2.1) is the same as the patched version (1.2.1) - it does not appear that the malicious copy was ever officially released, so sites running 1.2.1 should be unaffected, though it is a good idea to run a complete Wordfence scan and verify that there are no rogue administrator accounts present. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-6307-e8f460d9123e80420755bd67496d3195.yaml b/nuclei-templates/2024/CVE-2024-6307-e8f460d9123e80420755bd67496d3195.yaml index 38ba057193..7e01193795 100644 --- a/nuclei-templates/2024/CVE-2024-6307-e8f460d9123e80420755bd67496d3195.yaml +++ b/nuclei-templates/2024/CVE-2024-6307-e8f460d9123e80420755bd67496d3195.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6312-b9fa815eabbece02fbe913e892ae3664.yaml b/nuclei-templates/2024/CVE-2024-6312-b9fa815eabbece02fbe913e892ae3664.yaml index 548d904723..6a0e76722a 100644 --- a/nuclei-templates/2024/CVE-2024-6312-b9fa815eabbece02fbe913e892ae3664.yaml +++ b/nuclei-templates/2024/CVE-2024-6312-b9fa815eabbece02fbe913e892ae3664.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. + The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e815531-f966-44a1-a037-8077a40c83b0?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6332-02f8dd56318b98d231f7d8802a66b5ef.yaml b/nuclei-templates/2024/CVE-2024-6332-02f8dd56318b98d231f7d8802a66b5ef.yaml new file mode 100644 index 0000000000..87e250d561 --- /dev/null +++ b/nuclei-templates/2024/CVE-2024-6332-02f8dd56318b98d231f7d8802a66b5ef.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-6332-02f8dd56318b98d231f7d8802a66b5ef
+
+info:
+ name: >
+ Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure
+ author: topscoder
+ severity: high
+ description: >
+ The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-6332
+ metadata:
+ fofa-query: "wp-content/plugins/ameliabooking/"
+ google-query: inurl:"/wp-content/plugins/ameliabooking/"
+ shodan-query: 'vuln:CVE-2024-6332'
+ tags: cve,wordpress,wp-plugin,ameliabooking,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ameliabooking"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.4')
\ No newline at end of file
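Review bot: The closing `dsl` matcher encodes only the Lite bound (`<= 1.2.4`), so a Premium install at 7.7 or below would not match if its readme.txt carries the Premium version number. That is the edition the description says exposes Google Calendar OAuth tokens. Whether both editions are served from the `ameliabooking` slug is not visible here, so at minimum I would add a comment above the matcher: `# Lite bound only; Premium <= 7.7 is not detected by this version check`. This new file also carries the same CVE id and Wordfence reference as the existing `CVE-2024-6332-2662829d84d252d1beed604ae9221485.yaml` that this diff edits, so both templates will run and report the same finding twice unless one is retired. Finally, `severity: high` sits next to `cvss-score: 6.5`, which CVSS v3.1 rates as medium.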
diff --git a/nuclei-templates/2024/CVE-2024-6332-2662829d84d252d1beed604ae9221485.yaml b/nuclei-templates/2024/CVE-2024-6332-2662829d84d252d1beed604ae9221485.yaml index 2b036c29d2..d580abbbe2 100644 --- a/nuclei-templates/2024/CVE-2024-6332-2662829d84d252d1beed604ae9221485.yaml +++ b/nuclei-templates/2024/CVE-2024-6332-2662829d84d252d1beed604ae9221485.yaml @@ -2,11 +2,11 @@ id: CVE-2024-6332-2662829d84d252d1beed604ae9221485 info: name: > - Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure + Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure author: topscoder severity: high description: > - The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. + The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=api-prod 
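Review bot: Only the name and description move the Lite bound from 1.2.3 to 1.2.4, and this file has no hunk for its `compare_versions` matcher. The matcher is outside the hunk, so it presumably still stops at the old bound, in which case Lite 1.2.4 installs go unreported by this template. Confirm it and bring it to `compare_versions(version, '<= 1.2.4')` so the check agrees with the text.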
diff --git a/nuclei-templates/2024/CVE-2024-6346-fea6860b580d66259047898b0b554218.yaml b/nuclei-templates/2024/CVE-2024-6346-fea6860b580d66259047898b0b554218.yaml
index e21fabd718..1f15a0f062 100644
--- a/nuclei-templates/2024/CVE-2024-6346-fea6860b580d66259047898b0b554218.yaml
+++ b/nuclei-templates/2024/CVE-2024-6346-fea6860b580d66259047898b0b554218.yaml
@@ -2,11 +2,11 @@ id: CVE-2024-6346-fea6860b580d66259047898b0b554218 info: name: > - Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85a - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget + Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget author: topscoder severity: low description: > - The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1512d911-167f-4653-ab20-cb057b83dab1?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '*-2.2.85a') \ No newline at end of file + - compare_versions(version, '<= 2.2.85') \ No newline at end of file 
diff --git a/nuclei-templates/2024/CVE-2024-6386-4eed3d73004ed1a5572fcec0bbe99148.yaml b/nuclei-templates/2024/CVE-2024-6386-4eed3d73004ed1a5572fcec0bbe99148.yaml index 3ffa7e4b9b..6319fc64f3 100644 --- a/nuclei-templates/2024/CVE-2024-6386-4eed3d73004ed1a5572fcec0bbe99148.yaml +++ b/nuclei-templates/2024/CVE-2024-6386-4eed3d73004ed1a5572fcec0bbe99148.yaml @@ -2,11 +2,11 @@ id: CVE-2024-6386-4eed3d73004ed1a5572fcec0bbe99148 info: name: > - WPML Multilingual CMS <= 4.6.12 - Authenticated(Contributor+) Remote Code Execution via Twig Server-Side Template Injection + WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection author: topscoder severity: low description: > - The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. + The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7fc91cc-e529-4362-8269-bf7ee0766e1e?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6408-313f9e2ba0a4ee6e8c1c902f6f31e4dd.yaml b/nuclei-templates/2024/CVE-2024-6408-313f9e2ba0a4ee6e8c1c902f6f31e4dd.yaml index ef4127ad65..8b4ef80e59 100644 --- a/nuclei-templates/2024/CVE-2024-6408-313f9e2ba0a4ee6e8c1c902f6f31e4dd.yaml 
+++ b/nuclei-templates/2024/CVE-2024-6408-313f9e2ba0a4ee6e8c1c902f6f31e4dd.yaml @@ -15,17 +15,17 @@ info: cvss-score: 4.4 cve-id: CVE-2024-6408 metadata: - fofa-query: "wp-content/plugins/UNKNOWN-CVE-2024-32578-1/" - google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2024-32578-1/" + fofa-query: "wp-content/plugins/slider-wd/" + google-query: inurl:"/wp-content/plugins/slider-wd/" shodan-query: 'vuln:CVE-2024-6408' - tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2024-32578-1,low + tags: cve,wordpress,wp-plugin,slider-wd,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2024-32578-1/readme.txt" + - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "UNKNOWN-CVE-2024-32578-1" + - "slider-wd" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-6467-342ddc6b75dcf770dcb3a5578f3ed5bc.yaml b/nuclei-templates/2024/CVE-2024-6467-342ddc6b75dcf770dcb3a5578f3ed5bc.yaml index 11dceb1e19..524fb90b61 100644 --- a/nuclei-templates/2024/CVE-2024-6467-342ddc6b75dcf770dcb3a5578f3ed5bc.yaml +++ b/nuclei-templates/2024/CVE-2024-6467-342ddc6b75dcf770dcb3a5578f3ed5bc.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information. + The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the execution of any PHP code in those files or the exposure of sensitive information. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6497-e3e9b0c53472bd7df907dcb2acd157ed.yaml b/nuclei-templates/2024/CVE-2024-6497-e3e9b0c53472bd7df907dcb2acd157ed.yaml index 4b6d260cf2..11b3ed7a57 100644 --- a/nuclei-templates/2024/CVE-2024-6497-e3e9b0c53472bd7df907dcb2acd157ed.yaml +++ b/nuclei-templates/2024/CVE-2024-6497-e3e9b0c53472bd7df907dcb2acd157ed.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-43286 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6518-38cf64913ce937364d5f6d9ad5d6d13c.yaml b/nuclei-templates/2024/CVE-2024-6518-38cf64913ce937364d5f6d9ad5d6d13c.yaml index c364a5e830..59efc9f825 100644 --- a/nuclei-templates/2024/CVE-2024-6518-38cf64913ce937364d5f6d9ad5d6d13c.yaml +++ b/nuclei-templates/2024/CVE-2024-6518-38cf64913ce937364d5f6d9ad5d6d13c.yaml 
@@ -2,17 +2,17 @@ id: CVE-2024-6518-38cf64913ce937364d5f6d9ad5d6d13c info: name: > - fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via input fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 5.5 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 cve-id: CVE-2024-6518 metadata: fofa-query: "wp-content/plugins/fluentform/" 
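Review bot: The new description limits the issue to multi-site installations and installations where unfiltered_html has been disabled, but the template has no way to observe that precondition. If this file uses the same readme.txt version check as the other templates in this diff (its matchers are outside the hunk), every site on 5.1.19 or below will be flagged whether or not it is exposed. A comment above the matcher would keep triage honest: `# version match only; exploitable only on multisite or where unfiltered_html is disabled`. The same applies to the CVE-2024-6520 and CVE-2024-6521 hunks further down. Note also that the revised `cvss-score: 4.4` falls in the CVSS v3.1 medium band while `severity: low` is unchanged.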
diff --git a/nuclei-templates/2024/CVE-2024-6520-06c2e8545cfad6b719be0087dc0565b2.yaml b/nuclei-templates/2024/CVE-2024-6520-06c2e8545cfad6b719be0087dc0565b2.yaml
index 7e23cdd5ff..b7d3af853d 100644
--- a/nuclei-templates/2024/CVE-2024-6520-06c2e8545cfad6b719be0087dc0565b2.yaml
+++ b/nuclei-templates/2024/CVE-2024-6520-06c2e8545cfad6b719be0087dc0565b2.yaml
@@ -2,17 +2,17 @@ id: CVE-2024-6520-06c2e8545cfad6b719be0087dc0565b2 info: name: > - fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 5.5 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 cve-id: CVE-2024-6520 metadata: fofa-query: "wp-content/plugins/fluentform/" 
diff --git a/nuclei-templates/2024/CVE-2024-6521-9552b26c8138e797dfde8a5b984a020b.yaml b/nuclei-templates/2024/CVE-2024-6521-9552b26c8138e797dfde8a5b984a020b.yaml
index 83181bc94d..09ff9e9833 100644
--- a/nuclei-templates/2024/CVE-2024-6521-9552b26c8138e797dfde8a5b984a020b.yaml
+++ b/nuclei-templates/2024/CVE-2024-6521-9552b26c8138e797dfde8a5b984a020b.yaml
@@ -2,17 +2,17 @@ id: CVE-2024-6521-9552b26c8138e797dfde8a5b984a020b info: name: > - fluentform <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting author: topscoder severity: low description: > - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 5.5 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 cve-id: CVE-2024-6521 metadata: fofa-query: "wp-content/plugins/fluentform/" 
diff --git a/nuclei-templates/2024/CVE-2024-6522-a62dd7e7bea1a6240ea6423ff3414860.yaml b/nuclei-templates/2024/CVE-2024-6522-a62dd7e7bea1a6240ea6423ff3414860.yaml index 70f9cd8d73..c708bfc383 100644 --- a/nuclei-templates/2024/CVE-2024-6522-a62dd7e7bea1a6240ea6423ff3414860.yaml +++ b/nuclei-templates/2024/CVE-2024-6522-a62dd7e7bea1a6240ea6423ff3414860.yaml @@ -15,17 +15,17 @@ info: cvss-score: 8.5 cve-id: CVE-2024-6522 metadata: - fofa-query: "wp-content/plugins/modern-events-calendar/" - google-query: inurl:"/wp-content/plugins/modern-events-calendar/" + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" shodan-query: 'vuln:CVE-2024-6522' - tags: cve,wordpress,wp-plugin,modern-events-calendar,low + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/modern-events-calendar/readme.txt" + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "modern-events-calendar" + - "modern-events-calendar-lite" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-6567-cd458d4e5de99d14031cf0df8448b02a.yaml b/nuclei-templates/2024/CVE-2024-6567-cd458d4e5de99d14031cf0df8448b02a.yaml index 07bb526d7f..2adfa1f307 100644 --- a/nuclei-templates/2024/CVE-2024-6567-cd458d4e5de99d14031cf0df8448b02a.yaml +++ b/nuclei-templates/2024/CVE-2024-6567-cd458d4e5de99d14031cf0df8448b02a.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. The plugin vendor removed the test files, however, did not increment the version meaning this is inadequately patched in the same version that is affected. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebe431a7-b552-4891-9784-c6a7353228da?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6599-9ad4db4a6e6fd3c87c5199e80410875f.yaml b/nuclei-templates/2024/CVE-2024-6599-9ad4db4a6e6fd3c87c5199e80410875f.yaml index 129b230b0f..20db907951 100644 --- a/nuclei-templates/2024/CVE-2024-6599-9ad4db4a6e6fd3c87c5199e80410875f.yaml +++ b/nuclei-templates/2024/CVE-2024-6599-9ad4db4a6e6fd3c87c5199e80410875f.yaml 
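Review bot: A version comparison cannot separate a fixed 5.8001 install from a vulnerable one, because the added sentence says the vendor removed the test files without incrementing the version. If this template matches on the readme.txt version like the others in this diff (its matchers are outside the hunk), every 5.8001 site will be reported, patched or not. I would record that next to the matcher, for example `# 5.8001 was patched in place; a version match needs manual confirmation`, so findings are treated as unconfirmed rather than as positive detections.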
@@ -6,7 +6,8 @@ info: author: topscoder severity: low description: > - The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys + The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys. + CVE-2024-38733 may be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6666-f524b500b74a1c90be50f56d9d664783.yaml b/nuclei-templates/2024/CVE-2024-6666-f524b500b74a1c90be50f56d9d664783.yaml index 7da11da82b..907c09b7a0 100644 --- a/nuclei-templates/2024/CVE-2024-6666-f524b500b74a1c90be50f56d9d664783.yaml +++ b/nuclei-templates/2024/CVE-2024-6666-f524b500b74a1c90be50f56d9d664783.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/e23335c9-0830-4c6b-8e0d-6897a7176ba5?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-6883-60bd6a9f405aa3424be36169fb71a51f.yaml b/nuclei-templates/2024/CVE-2024-6883-60bd6a9f405aa3424be36169fb71a51f.yaml index 17bb1e2380..2d37e177c5 100644 --- a/nuclei-templates/2024/CVE-2024-6883-60bd6a9f405aa3424be36169fb71a51f.yaml +++ b/nuclei-templates/2024/CVE-2024-6883-60bd6a9f405aa3424be36169fb71a51f.yaml @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '*-4.10.46.decaf') \ No newline at end of file + - compare_versions(version, '<= 4.10.46.decaf') \ No newline at end of file 
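Review bot: In the CVE-2024-6883 hunk the new constraint `'<= 4.10.46.decaf'` still carries a non-numeric suffix. If the `version` extractor in this file is the `([0-9.]+)` capture used by the other templates in this diff (it is outside the hunk), the extracted value can never contain `decaf`. Nothing visible here establishes that `compare_versions` accepts such a bound, and a constraint that fails to parse would leave the matcher silently never firing, which is a false negative on a detection template. Confirm how the constraint is evaluated, or use a plain numeric bound such as `'<= 4.10.46'` if that agrees with the advisory.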
diff --git a/nuclei-templates/2024/CVE-2024-7094-4c00ff8bd19c22d3d4aad40ba954100c.yaml b/nuclei-templates/2024/CVE-2024-7094-4c00ff8bd19c22d3d4aad40ba954100c.yaml index f9f6654d91..24be33b03e 100644 --- a/nuclei-templates/2024/CVE-2024-7094-4c00ff8bd19c22d3d4aad40ba954100c.yaml +++ b/nuclei-templates/2024/CVE-2024-7094-4c00ff8bd19c22d3d4aad40ba954100c.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. + The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. CVE-2024-43274 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=api-prod 
diff --git a/nuclei-templates/2024/CVE-2024-7390-c6e14cdb3bb6b824b90602f2e8d31a7e.yaml b/nuclei-templates/2024/CVE-2024-7390-c6e14cdb3bb6b824b90602f2e8d31a7e.yaml index a20bf536f1..d5d515aef6 100644 --- a/nuclei-templates/2024/CVE-2024-7390-c6e14cdb3bb6b824b90602f2e8d31a7e.yaml +++ b/nuclei-templates/2024/CVE-2024-7390-c6e14cdb3bb6b824b90602f2e8d31a7e.yaml @@ -2,11 +2,11 @@ id: CVE-2024-7390-c6e14cdb3bb6b824b90602f2e8d31a7e info: name: > - WP Testimonial Widget <= 3.0 - Missing Authorization + WP Testimonial Widget <= 3.1 - Missing Authorization author: topscoder severity: high description: > - The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials. + The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of testimonials. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/67eef869-a57f-40b5-b289-9353bf5b680a?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 3.0') \ No newline at end of file + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-7420-5be6d8b9afb78ab58d15b1426a2e4662.yaml b/nuclei-templates/2024/CVE-2024-7420-5be6d8b9afb78ab58d15b1426a2e4662.yaml index e4716c9e00..8ccf1118b3 100644 --- a/nuclei-templates/2024/CVE-2024-7420-5be6d8b9afb78ab58d15b1426a2e4662.yaml +++ b/nuclei-templates/2024/CVE-2024-7420-5be6d8b9afb78ab58d15b1426a2e4662.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-43275 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/88001f3c-f5cc-4051-a713-788014e2241a?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-7434-2c04ea7e352fe86e6adef7c9a7eed916.yaml b/nuclei-templates/2024/CVE-2024-7434-2c04ea7e352fe86e6adef7c9a7eed916.yaml index f88cc93519..022866e15c 100644 --- a/nuclei-templates/2024/CVE-2024-7434-2c04ea7e352fe86e6adef7c9a7eed916.yaml +++ b/nuclei-templates/2024/CVE-2024-7434-2c04ea7e352fe86e6adef7c9a7eed916.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-7434-2c04ea7e352fe86e6adef7c9a7eed916 info: name: > - UltraPress <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection + UltraPress <= 1.2.2 - Authenticated (Contributor+) PHP Object Injection author: topscoder severity: low description: > - The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9cf97a6-38bb-4499-98f0-ca2b7111f654?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 1.2.1') \ No newline at end of file + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-7568-03c9c97fbcce1159bd078f05cbf27da7.yaml b/nuclei-templates/2024/CVE-2024-7568-03c9c97fbcce1159bd078f05cbf27da7.yaml index d55119432d..d9b6994a34 100644 --- a/nuclei-templates/2024/CVE-2024-7568-03c9c97fbcce1159bd078f05cbf27da7.yaml 
+++ b/nuclei-templates/2024/CVE-2024-7568-03c9c97fbcce1159bd078f05cbf27da7.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: medium description: > - The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin. + The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin. CVE-2024-7864 appears to be a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb3ad80-3510-4018-91af-b733ef62e28f?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-7856-d011db87e0fcbee1bbbd734bfc806dcf.yaml b/nuclei-templates/2024/CVE-2024-7856-d011db87e0fcbee1bbbd734bfc806dcf.yaml index 1d4ab91acf..2e53a2ee5d 100644 --- a/nuclei-templates/2024/CVE-2024-7856-d011db87e0fcbee1bbbd734bfc806dcf.yaml +++ b/nuclei-templates/2024/CVE-2024-7856-d011db87e0fcbee1bbbd734bfc806dcf.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/43adc9dd-1780-440f-90c2-ff05a22eb084?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H + cvss-score: 8.1 cve-id: CVE-2024-7856 metadata: fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" diff --git a/nuclei-templates/2024/CVE-2024-7857-a18aa7c9dff5c4191bbf30ebf29a07a1.yaml b/nuclei-templates/2024/CVE-2024-7857-a18aa7c9dff5c4191bbf30ebf29a07a1.yaml index 0d0661d5c9..74057b4553 100644 --- a/nuclei-templates/2024/CVE-2024-7857-a18aa7c9dff5c4191bbf30ebf29a07a1.yaml +++ b/nuclei-templates/2024/CVE-2024-7857-a18aa7c9dff5c4191bbf30ebf29a07a1.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2266254-9281-4859-8630-f7bb5c0ead19?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 cve-id: CVE-2024-7857 metadata: fofa-query: "wp-content/plugins/media-library-plus/" diff --git a/nuclei-templates/2024/CVE-2024-8239-c543313e973d5f22b67352b487c06362.yaml b/nuclei-templates/2024/CVE-2024-8239-c543313e973d5f22b67352b487c06362.yaml index 7380e0fc9e..9a8af3e504 100644 --- a/nuclei-templates/2024/CVE-2024-8239-c543313e973d5f22b67352b487c06362.yaml +++ b/nuclei-templates/2024/CVE-2024-8239-c543313e973d5f22b67352b487c06362.yaml 
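Review bot: In the CVE-2024-7856 and CVE-2024-7857 hunks the vector moves from `PR:N` to `PR:L`, but `severity:` and the severity word at the end of `tags:` lie outside the changed range and are left as they were. In the CVE-2024-8513 change in this same commit those two fields are flipped together when the authentication requirement changes, so they probably need the same update here. I cannot see their current values from these hunks, so please confirm. The CVE-2024-9860 hunk further down has the same shape, and anyone filtering results by severity would keep triaging all three on the old rating.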
@@ -2,11 +2,11 @@ id: CVE-2024-8239-c543313e973d5f22b67352b487c06362 info: name: > - Starbox <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + Starbox <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter URL Field author: topscoder severity: low description: > - The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter URL field in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/830ac75b-708a-435c-8837-b79a2f41575c?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-8484-aa460791f2945a38184b69190c213c98.yaml b/nuclei-templates/2024/CVE-2024-8484-aa460791f2945a38184b69190c213c98.yaml index 6b58baf52c..bf5b2d729e 100644 --- a/nuclei-templates/2024/CVE-2024-8484-aa460791f2945a38184b69190c213c98.yaml +++ b/nuclei-templates/2024/CVE-2024-8484-aa460791f2945a38184b69190c213c98.yaml 
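Review bot: The `name` in the CVE-2024-8239 hunk says `<= 3.5.3` while the rewritten description still says "up to, and including, 3.5.2", so the template documents two different upper bounds. The `compare_versions` matcher is outside this hunk, so I cannot tell which bound it enforces; whichever the advisory confirms should appear in all three places. If 3.5.3 is right, the description clause becomes `in all versions up to, and including, 3.5.3`. A one-release discrepancy here means a site on 3.5.3 is either missed or flagged wrongly.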
@@ -2,11 +2,11 @@ id: CVE-2024-8484-aa460791f2945a38184b69190c213c98 info: name: > - REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection + REST API TO MiniProgram <= 4.7.7 - Unauthenticated SQL Injection author: topscoder severity: critical description: > - The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0945eb-ceec-4536-822a-fe864c21b580?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.7.1') \ No newline at end of file + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-8513-5cd96854e7f49190a1312224b1b72503.yaml b/nuclei-templates/2024/CVE-2024-8513-5cd96854e7f49190a1312224b1b72503.yaml index e0a6e0895f..aa7433e4cb 100644 --- a/nuclei-templates/2024/CVE-2024-8513-5cd96854e7f49190a1312224b1b72503.yaml 
+++ b/nuclei-templates/2024/CVE-2024-8513-5cd96854e7f49190a1312224b1b72503.yaml @@ -2,9 +2,9 @@ id: CVE-2024-8513-5cd96854e7f49190a1312224b1b72503 info: name: > - QA Analytics <= 4.1.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update + QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update author: topscoder - severity: low + severity: high description: > The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.1.1. This makes it possible for unauthenticated attackers to update the plugin's settings. reference: @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/qa-heatmap-analytics/" google-query: inurl:"/wp-content/plugins/qa-heatmap-analytics/" shodan-query: 'vuln:CVE-2024-8513' - tags: cve,wordpress,wp-plugin,qa-heatmap-analytics,low + tags: cve,wordpress,wp-plugin,qa-heatmap-analytics,high http: - method: GET diff --git a/nuclei-templates/2024/CVE-2024-8858-85931089ed9ebbb07f095bbb884fe4d0.yaml b/nuclei-templates/2024/CVE-2024-8858-85931089ed9ebbb07f095bbb884fe4d0.yaml index 6fa54c338f..ab59f5a8a2 100644 --- a/nuclei-templates/2024/CVE-2024-8858-85931089ed9ebbb07f095bbb884fe4d0.yaml +++ b/nuclei-templates/2024/CVE-2024-8858-85931089ed9ebbb07f095bbb884fe4d0.yaml 
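Review bot: CVE-2024-8513 is re-rated from `low` to `high` and renamed to an unauthenticated issue, but the `classification:` block (`cvss-metrics`, `cvss-score`) falls between the two hunks and is not touched. If the stored vector still carries `PR:L` from the old Subscriber+ rating, the template now contradicts itself; please check that it reads `PR:N` with a matching score. The CVE-2024-7856 change in this commit updates vector and score together, which is the pattern to follow.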
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-47303 is likely a duplicate of this issue. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c2e5fe-cc02-479e-9f33-e1a783088596?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-9109-db046fec044ec68a48276b8ee3af3015.yaml b/nuclei-templates/2024/CVE-2024-9109-db046fec044ec68a48276b8ee3af3015.yaml index 3b8f461a8d..ac12cd627f 100644 --- a/nuclei-templates/2024/CVE-2024-9109-db046fec044ec68a48276b8ee3af3015.yaml +++ b/nuclei-templates/2024/CVE-2024-9109-db046fec044ec68a48276b8ee3af3015.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-9109-db046fec044ec68a48276b8ee3af3015 info: name: > - UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset + UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset author: topscoder severity: low description: > - The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key. + The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/699fdea9-15ae-4882-9723-9a98d7d53c74?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 2.3.11') \ No newline at end of file + - compare_versions(version, '<= 2.3.12') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-9522-d0c5ac55227817c387ee5f62e0bc856b.yaml b/nuclei-templates/2024/CVE-2024-9522-d0c5ac55227817c387ee5f62e0bc856b.yaml index 1254483e1b..6ab11fac0f 100644 --- a/nuclei-templates/2024/CVE-2024-9522-d0c5ac55227817c387ee5f62e0bc856b.yaml +++ b/nuclei-templates/2024/CVE-2024-9522-d0c5ac55227817c387ee5f62e0bc856b.yaml 
@@ -2,7 +2,7 @@ id: CVE-2024-9522-d0c5ac55227817c387ee5f62e0bc856b info: name: > - WP Users Masquerade <= 2.0.0 - Authentication Bypass + WP Users Masquerade <= 2.0.0 - Authenticated (Subscriber+) Authentication Bypass author: topscoder severity: low description: > diff --git a/nuclei-templates/2024/CVE-2024-9529-bd5a598c6217ce611a9bf1c75a00caf7.yaml b/nuclei-templates/2024/CVE-2024-9529-bd5a598c6217ce611a9bf1c75a00caf7.yaml index 8e3ea86cca..6a98b11aa6 100644 --- a/nuclei-templates/2024/CVE-2024-9529-bd5a598c6217ce611a9bf1c75a00caf7.yaml +++ b/nuclei-templates/2024/CVE-2024-9529-bd5a598c6217ce611a9bf1c75a00caf7.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to limited arbitrary function calls via the 'register_meta_box_cb' and 'meta_box_cb' parameters in all versions up to, and including, 6.3.8 (excluding 6.3.6.2) due to insufficient input validation on those parameters. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary functions, like WordPress functions, in custom post types that will execute whenever a user accesses the injected post type. This can be leveraged to trick other users like administrators accessing posts into performing unauthorized actions through functions, and is not a very serious risk for the vast majority of site owners. Please follow the reference listed in this vulnerability record for instructions on how to update to the latest version of ACF that patches this issue and ensures accessibility to updates moving forward. Please note this issue was partially patched in 6.3.8 and 6.3.6.1, however, was hardened further in 6.3.6.2 and 6.3.9. + The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to limited arbitrary function calls via the 'register_meta_box_cb' and 'meta_box_cb' parameters in all versions up to, and including, 6.3.8 (excluding 6.3.6.2) due to insufficient input validation on those parameters. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary functions, like WordPress functions, in custom post types that will execute whenever a user accesses the injected post type. This can be leveraged to trick other users like administrators accessing posts into performing unauthorized actions through functions, and is not a very serious risk for the vast majority of site owners. 
Please follow the reference listed in this vulnerability record for instructions on how to update to the latest version of ACF that patches this issue and ensures accessibility to updates moving forward. Please note this issue was partially patched in 6.3.8 and 6.3.6.1 - 6.3.6.2, however, was hardened further in 6.3.6.3 and 6.3.9. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/afcbad6d-90ca-42cb-a69c-4e0bcc4606e0?source=api-prod @@ -15,17 +15,17 @@ info: cvss-score: 5.1 cve-id: CVE-2024-9529 metadata: - fofa-query: "wp-content/plugins/advanced-custom-fields/" - google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" shodan-query: 'vuln:CVE-2024-9529' - tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low http: - method: GET redirects: true max-redirects: 3 path: - - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" extractors: - type: regex @@ -51,7 +51,7 @@ http: - type: word words: - - "advanced-custom-fields" + - "advanced-custom-fields-pro" part: body - type: dsl diff --git a/nuclei-templates/2024/CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1.yaml b/nuclei-templates/2024/CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1.yaml index 8bab4dd831..e2839cc346 100644 --- a/nuclei-templates/2024/CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1.yaml +++ b/nuclei-templates/2024/CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1.yaml 
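Review bot: The updated CVE-2024-9529 description contradicts itself: its first sentence still says "(excluding 6.3.6.2)", while the last sentence now lists 6.3.6.2 as only partially patched and 6.3.6.3 as the hardened release. If the new wording is the correct one, the parenthetical should read `(excluding 6.3.6.3)`. The `compare_versions` line is outside the third hunk, so I cannot see it, but a single `<=` bound cannot express that exception and would report a hardened 6.3.6.x install as vulnerable. `compare_versions` accepts several constraints, so the excluded release could be added as a second one, e.g. `compare_versions(version, '<= 6.3.8', '!= 6.3.6.3')`, once the versions are confirmed against the advisory.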
@@ -2,11 +2,11 @@ id: CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1 info: name: > - WPS Telegram Chat <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API + WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API author: topscoder severity: low description: > - The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. + The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f7e545-5e14-421e-90b4-bc54b23d0fe6?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.5.4') \ No newline at end of file + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-9630-0ce85caa78ba4624e2a8716c2971cba8.yaml b/nuclei-templates/2024/CVE-2024-9630-0ce85caa78ba4624e2a8716c2971cba8.yaml index 31bab72262..700ce7f974 100644 --- a/nuclei-templates/2024/CVE-2024-9630-0ce85caa78ba4624e2a8716c2971cba8.yaml +++ b/nuclei-templates/2024/CVE-2024-9630-0ce85caa78ba4624e2a8716c2971cba8.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-9630-0ce85caa78ba4624e2a8716c2971cba8 info: name: > - WPS Telegram Chat <= 4.5.4 - Missing Authorization to Information Exposure + WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure author: topscoder severity: high description: > - The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API. + The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/86b9b17f-f819-4316-8565-4e7603cd5de7?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 4.5.4') \ No newline at end of file + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/2024/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml b/nuclei-templates/2024/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml index 92bd37d2f2..759ac97d69 100644 --- a/nuclei-templates/2024/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml +++ b/nuclei-templates/2024/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml 
@@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/968d5d31-2592-4bed-9d18-5877f0d6062e?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L + cvss-score: 5.4 cve-id: CVE-2024-9860 metadata: fofa-query: "wp-content/plugins/bridge-core/" diff --git a/nuclei-templates/2024/CVE-2024-9863-c87082cf07c135fafcb187e887a8da89.yaml b/nuclei-templates/2024/CVE-2024-9863-c87082cf07c135fafcb187e887a8da89.yaml index 66f0731d9b..9fef863721 100644 --- a/nuclei-templates/2024/CVE-2024-9863-c87082cf07c135fafcb187e887a8da89.yaml +++ b/nuclei-templates/2024/CVE-2024-9863-c87082cf07c135fafcb187e887a8da89.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. + The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04eab14-dd86-4145-b5eb-20d064bc8417?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-9890-f52fa2cdcccb4a891e802de699a879b0.yaml b/nuclei-templates/2024/CVE-2024-9890-f52fa2cdcccb4a891e802de699a879b0.yaml index 36399acbca..bbd70f32b0 100644 
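Review bot: The CVE-2024-9863 hunk renames the affected product in the description from UserPro to "Miniorange OTP Verification with Firebase", but nothing else in the file changes: the `name`, the `fofa-query`/`google-query` values, the request `path` and the `word` matcher are all outside the hunk. When the product was corrected for CVE-2024-9529 in this commit, the slug was updated in every one of those places. If this template still requests and matches the previous plugin's slug, it will report on the wrong plugin, so either those fields need the same update or the description change should be re-checked against the advisory. I cannot see the current slug from here.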
--- a/nuclei-templates/2024/CVE-2024-9890-f52fa2cdcccb4a891e802de699a879b0.yaml +++ b/nuclei-templates/2024/CVE-2024-9890-f52fa2cdcccb4a891e802de699a879b0.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. + The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. CVE-2024-50503 may be a duplicate. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=api-prod diff --git a/nuclei-templates/2024/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml b/nuclei-templates/2024/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml index 5ee194aa2d..cef4f378b7 100644 --- a/nuclei-templates/2024/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml +++ b/nuclei-templates/2024/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml 
@@ -2,11 +2,11 @@ id: CVE-2024-9937-9915217ba7d6f29cd232016898fb9998 info: name: > - Woo Manage Fraud Orders <= 6.1.7 - Reflected Cross-Site Scripting + Woo Manage Fraud Orders <= 2.6.1 - Reflected Cross-Site Scripting author: topscoder severity: medium description: > - The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc8b0944-f669-40d3-899b-d7f91b1a1fea?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '<= 6.1.7') \ No newline at end of file + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-0169-141bc5e320fd22b32bf2808a9dbba5a3.yaml b/nuclei-templates/2025/CVE-2025-0169-141bc5e320fd22b32bf2808a9dbba5a3.yaml new file mode 100644 index 0000000000..d60ef9346a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-0169-141bc5e320fd22b32bf2808a9dbba5a3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-0169-141bc5e320fd22b32bf2808a9dbba5a3 + +info: + name: > + DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be0c29a3-0b78-4259-a514-c3674d9d5d55?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-0169 + metadata: + fofa-query: "wp-content/themes/dwt-listing/" + google-query: inurl:"/wp-content/themes/dwt-listing/" + shodan-query: 'vuln:CVE-2025-0169' + tags: cve,wordpress,wp-theme,dwt-listing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/dwt-listing/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dwt-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-0170-79f8244c74377fd924eb1a0b5327b3aa.yaml b/nuclei-templates/2025/CVE-2025-0170-79f8244c74377fd924eb1a0b5327b3aa.yaml new file mode 100644 index 0000000000..53694dacee 
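Review bot: The new CVE-2025-0169 template sets `redirects: true` with `max-redirects: 3`, which follows redirects to any host, so a target that redirects elsewhere can have another site's `style.css` matched and reported under the scanned host. Restricting the request to same-host redirects avoids that misattribution: replace `redirects: true` with `host-redirects: true`. The same request block appears in the CVE-2025-0170 and CVE-2025-0215 templates added in this commit.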
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-0170-79f8244c74377fd924eb1a0b5327b3aa.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-0170-79f8244c74377fd924eb1a0b5327b3aa + +info: + name: > + DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d607e7c0-7812-4c77-a763-6095677b3525?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-0170 + metadata: + fofa-query: "wp-content/themes/dwt-listing/" + google-query: inurl:"/wp-content/themes/dwt-listing/" + shodan-query: 'vuln:CVE-2025-0170' + tags: cve,wordpress,wp-theme,dwt-listing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/dwt-listing/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dwt-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file 
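Review bot: The two `regex` extractors in the new CVE-2025-0170 template are identical apart from `internal: true`, and nothing says why both are there. A short comment on each would stop someone deleting one as a duplicate, e.g. `# internal: supplies 'version' to the dsl matcher below` and `# same pattern, shown in the scan output`. That is my reading of how the pair is used; please adjust the wording if the intent differs. CVE-2025-0169 and CVE-2025-0215 carry the same pair.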
diff --git a/nuclei-templates/2025/CVE-2025-0215-0ca3b2b75e33545fbbd2f8439daf6c91.yaml b/nuclei-templates/2025/CVE-2025-0215-0ca3b2b75e33545fbbd2f8439daf6c91.yaml new file mode 100644 index 0000000000..6a79fa8d54 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-0215-0ca3b2b75e33545fbbd2f8439daf6c91.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-0215-0ca3b2b75e33545fbbd2f8439daf6c91
+
+info:
+ name: >
+ UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/af568eea-59ce-467e-ba03-625d04d3db6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-0215
+ metadata:
+ fofa-query: "wp-content/plugins/updraftplus/"
+ google-query: inurl:"/wp-content/plugins/updraftplus/"
+ shodan-query: 'vuln:CVE-2025-0215'
+ tags: cve,wordpress,wp-plugin,updraftplus,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "updraftplus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.24.12')
\ No newline at end of file
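Review bot: The `Stable tag: ([0-9.]+)` regex in both extractors only matches a numeric tag preceded by exactly one space, so a readme that declares `Stable tag: trunk` or pads the value differently yields no `version`, and the `and` condition presumably just fails, leaving an affected install unreported. Loosening it to `- '(?mi)^Stable tag:\s*([0-9.]+)'` covers the spacing case; single quotes are needed because `\s` is not a valid escape in a double-quoted YAML scalar. The `trunk` case cannot be resolved from the readme alone and is worth a comment saying so. The same regex appears in every plugin template in this diff.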
diff --git a/nuclei-templates/2025/CVE-2025-0308-6d3eeabd5fdf8218eec5d01356b368f0.yaml b/nuclei-templates/2025/CVE-2025-0308-6d3eeabd5fdf8218eec5d01356b368f0.yaml
new file mode 100644
index 0000000000..0625aa4e14
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0308-6d3eeabd5fdf8218eec5d01356b368f0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0308-6d3eeabd5fdf8218eec5d01356b368f0
+
+info:
+ name: >
+ Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e5bb98-2652-499a-b8cd-4ebfe1c1d890?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2025-0308
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-member/"
+ google-query: inurl:"/wp-content/plugins/ultimate-member/"
+ shodan-query: 'vuln:CVE-2025-0308'
+ tags: cve,wordpress,wp-plugin,ultimate-member,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-member"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.1')
\ No newline at end of file
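Review bot: `severity: critical` and the `critical` tag disagree with the `classification` block directly below, where `cvss-score: 7.5` falls in the CVSS 3.1 High band; I would change them to `severity: high` and `tags: cve,wordpress,wp-plugin,ultimate-member,high`. The opposite mismatch appears in the templates for CVE-2025-0311, -0321, -0350, -0353, -0365, -0366, -0369, -0371, -0394 and -0428, all marked `low` while scoring between 6.4 and 8.8 (the -0366 and -0394 entries are 8.8). Anyone filtering scan output by severity would drop those findings. If lowering authenticated issues to `low` is a deliberate policy, a comment next to `severity:` should say so; otherwise derive the field from the score.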
diff --git a/nuclei-templates/2025/CVE-2025-0311-62da5895fe828bb5634e95b6f9d35c28.yaml b/nuclei-templates/2025/CVE-2025-0311-62da5895fe828bb5634e95b6f9d35c28.yaml
new file mode 100644
index 0000000000..4b1bcfdda3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0311-62da5895fe828bb5634e95b6f9d35c28.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0311-62da5895fe828bb5634e95b6f9d35c28
+
+info:
+ name: >
+ Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
+ author: topscoder
+ severity: low
+ description: >
+ The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0311
+ metadata:
+ fofa-query: "wp-content/plugins/themeisle-companion/"
+ google-query: inurl:"/wp-content/plugins/themeisle-companion/"
+ shodan-query: 'vuln:CVE-2025-0311'
+ tags: cve,wordpress,wp-plugin,themeisle-companion,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "themeisle-companion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.10.43')
\ No newline at end of file
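Review bot: The two `extractors` entries are identical apart from `internal: true`, and nothing in the file says why both exist. If the intent is the usual one, the internal copy supplies `version` to `compare_versions()` and the second prints the value in the result. A comment such as `# internal: feeds the dsl matcher` on the first and `# reported in scan output` on the second would keep a later cleanup from deleting one as a duplicate. Every template in this diff carries the same pair.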
diff --git a/nuclei-templates/2025/CVE-2025-0316-eabaa8d2b429495392621b1d9e673f48.yaml b/nuclei-templates/2025/CVE-2025-0316-eabaa8d2b429495392621b1d9e673f48.yaml
new file mode 100644
index 0000000000..95b106feb3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0316-eabaa8d2b429495392621b1d9e673f48.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0316-eabaa8d2b429495392621b1d9e673f48
+
+info:
+ name: >
+ WP Directorybox Manager <= 2.5 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+ The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-0316
+ metadata:
+ fofa-query: "wp-content/plugins/wp-directorybox-manager/"
+ google-query: inurl:"/wp-content/plugins/wp-directorybox-manager/"
+ shodan-query: 'vuln:CVE-2025-0316'
+ tags: cve,wordpress,wp-plugin,wp-directorybox-manager,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-directorybox-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-directorybox-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0318-41f7a05564fd28e213efb13ce084d461.yaml b/nuclei-templates/2025/CVE-2025-0318-41f7a05564fd28e213efb13ce084d461.yaml
new file mode 100644
index 0000000000..b217c6fed2
--- /dev/null
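Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, and the matchers then evaluate whatever that host returns, so a critical authentication-bypass finding can be attributed to an asset that never served the readme. Replacing it with `host-redirects: true` keeps redirect following but restricts it to the scanned host. The same two lines open the `http` block of every template in this diff.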
+++ b/nuclei-templates/2025/CVE-2025-0318-41f7a05564fd28e213efb13ce084d461.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0318-41f7a05564fd28e213efb13ce084d461
+
+info:
+ name: >
+ Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-0318
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-member/"
+ google-query: inurl:"/wp-content/plugins/ultimate-member/"
+ shodan-query: 'vuln:CVE-2025-0318'
+ tags: cve,wordpress,wp-plugin,ultimate-member,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-member"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0321-37b0f29baa1d91e36ab0862cb60403a4.yaml b/nuclei-templates/2025/CVE-2025-0321-37b0f29baa1d91e36ab0862cb60403a4.yaml
new file mode 100644
index 0000000000..e942fce6f5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0321-37b0f29baa1d91e36ab0862cb60403a4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0321-37b0f29baa1d91e36ab0862cb60403a4
+
+info:
+ name: >
+ ElementsKit Pro <= 3.7.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via url Parameter
+ author: topscoder
+ severity: low
+ description: >
+ The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/204cfe20-9df1-4f6c-a38c-a21b43dde385?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0321
+ metadata:
+ fofa-query: "wp-content/plugins/elementskit/"
+ google-query: inurl:"/wp-content/plugins/elementskit/"
+ shodan-query: 'vuln:CVE-2025-0321'
+ tags: cve,wordpress,wp-plugin,elementskit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elementskit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elementskit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.7.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0350-bbacd91e739202fa0de99eeb44d48f32.yaml b/nuclei-templates/2025/CVE-2025-0350-bbacd91e739202fa0de99eeb44d48f32.yaml
new file mode 100644
index 0000000000..4bb6aa0209
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0350-bbacd91e739202fa0de99eeb44d48f32.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-0350-bbacd91e739202fa0de99eeb44d48f32
+
+info:
+ name: >
+ Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets
+ author: topscoder
+ severity: low
+ description: >
+ The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e57a85b-3ea8-46df-ab60-ce835268b1f6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0350
+ metadata:
+ fofa-query: "wp-content/plugins/wow-carousel-for-divi-lite/"
+ google-query: inurl:"/wp-content/plugins/wow-carousel-for-divi-lite/"
+ shodan-query: 'vuln:CVE-2025-0350'
+ tags: cve,wordpress,wp-plugin,wow-carousel-for-divi-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wow-carousel-for-divi-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wow-carousel-for-divi-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0353-f62d2897a38afaa19d7deed43b8cff5c.yaml b/nuclei-templates/2025/CVE-2025-0353-f62d2897a38afaa19d7deed43b8cff5c.yaml
new file mode 100644
index 0000000000..f6c300c66f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0353-f62d2897a38afaa19d7deed43b8cff5c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0353-f62d2897a38afaa19d7deed43b8cff5c
+
+info:
+ name: >
+ Divi Torque Lite <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
+ author: topscoder
+ severity: low
+ description: >
+ The Divi Torque Lite – Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5810757-1866-4788-809f-2c68e16a5156?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0353
+ metadata:
+ fofa-query: "wp-content/plugins/addons-for-divi/"
+ google-query: inurl:"/wp-content/plugins/addons-for-divi/"
+ shodan-query: 'vuln:CVE-2025-0353'
+ tags: cve,wordpress,wp-plugin,addons-for-divi,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addons-for-divi/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addons-for-divi"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0357-227029cd95964f5716b99f28c247cca0.yaml b/nuclei-templates/2025/CVE-2025-0357-227029cd95964f5716b99f28c247cca0.yaml
new file mode 100644
index 0000000000..e5bdae26fa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0357-227029cd95964f5716b99f28c247cca0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0357-227029cd95964f5716b99f28c247cca0
+
+info:
+ name: >
+ WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+ The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf7a68-e76d-4740-9f35-b6084094f59b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-0357
+ metadata:
+ fofa-query: "wp-content/plugins/wpbookit/"
+ google-query: inurl:"/wp-content/plugins/wpbookit/"
+ shodan-query: 'vuln:CVE-2025-0357'
+ tags: cve,wordpress,wp-plugin,wpbookit,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpbookit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpbookit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0365-c3576f64176e67a8cef2df14039bc34e.yaml b/nuclei-templates/2025/CVE-2025-0365-c3576f64176e67a8cef2df14039bc34e.yaml
new file mode 100644
index 0000000000..940dccf17f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0365-c3576f64176e67a8cef2df14039bc34e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0365-c3576f64176e67a8cef2df14039bc34e
+
+info:
+ name: >
+ Jupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File Read
+ author: topscoder
+ severity: low
+ description: >
+ The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-0365
+ metadata:
+ fofa-query: "wp-content/plugins/jupiterx-core/"
+ google-query: inurl:"/wp-content/plugins/jupiterx-core/"
+ shodan-query: 'vuln:CVE-2025-0365'
+ tags: cve,wordpress,wp-plugin,jupiterx-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jupiterx-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.8.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0366-95852eda91a19fa4b0a786e453f43fe4.yaml b/nuclei-templates/2025/CVE-2025-0366-95852eda91a19fa4b0a786e453f43fe4.yaml
new file mode 100644
index 0000000000..85cd2232ad
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0366-95852eda91a19fa4b0a786e453f43fe4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0366-95852eda91a19fa4b0a786e453f43fe4
+
+info:
+ name: >
+ Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution)
+ author: topscoder
+ severity: low
+ description: >
+ The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a20dc1d-eb7c-47ac-ad9a-ec4c0d5db62e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-0366
+ metadata:
+ fofa-query: "wp-content/plugins/jupiterx-core/"
+ google-query: inurl:"/wp-content/plugins/jupiterx-core/"
+ shodan-query: 'vuln:CVE-2025-0366'
+ tags: cve,wordpress,wp-plugin,jupiterx-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jupiterx-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.8.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0369-89e2200ee16815f39f8283fcf6142ad2.yaml b/nuclei-templates/2025/CVE-2025-0369-89e2200ee16815f39f8283fcf6142ad2.yaml
new file mode 100644
index 0000000000..5f1aa874fa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0369-89e2200ee16815f39f8283fcf6142ad2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0369-89e2200ee16815f39f8283fcf6142ad2
+
+info:
+ name: >
+ Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter
+ author: topscoder
+ severity: low
+ description: >
+ The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘list_tag’ parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f27979a8-0e68-4a45-9e3e-3667d88361d8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0369
+ metadata:
+ fofa-query: "wp-content/plugins/jet-engine/"
+ google-query: inurl:"/wp-content/plugins/jet-engine/"
+ shodan-query: 'vuln:CVE-2025-0369'
+ tags: cve,wordpress,wp-plugin,jet-engine,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jet-engine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0371-33ff7fb9be2c5f739784e673f6c3f6f3.yaml b/nuclei-templates/2025/CVE-2025-0371-33ff7fb9be2c5f739784e673f6c3f6f3.yaml
new file mode 100644
index 0000000000..f675f5b4a4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0371-33ff7fb9be2c5f739784e673f6c3f6f3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0371-33ff7fb9be2c5f739784e673f6c3f6f3
+
+info:
+ name: >
+ Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
+ author: topscoder
+ severity: low
+ description: >
+ The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded2f366-375c-4cf6-9cbd-c969a3b3d6d5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0371
+ metadata:
+ fofa-query: "wp-content/plugins/jet-elements/"
+ google-query: inurl:"/wp-content/plugins/jet-elements/"
+ shodan-query: 'vuln:CVE-2025-0371'
+ tags: cve,wordpress,wp-plugin,jet-elements,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jet-elements"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0393-319688187a3ed6f4d95097eafca0272e.yaml b/nuclei-templates/2025/CVE-2025-0393-319688187a3ed6f4d95097eafca0272e.yaml
new file mode 100644
index 0000000000..b65b52e9d2
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0393-319688187a3ed6f4d95097eafca0272e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0393-319688187a3ed6f4d95097eafca0272e
+
+info:
+ name: >
+ Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8e34c05-7431-4acd-91f3-aab5e66f61ad?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-0393
+ metadata:
+ fofa-query: "wp-content/plugins/royal-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/royal-elementor-addons/"
+ shodan-query: 'vuln:CVE-2025-0393'
+ tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "royal-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.1006')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0394-4cce471aebb68ba3d99c332bb70a5d4d.yaml b/nuclei-templates/2025/CVE-2025-0394-4cce471aebb68ba3d99c332bb70a5d4d.yaml
new file mode 100644
index 0000000000..b1b0066f5a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0394-4cce471aebb68ba3d99c332bb70a5d4d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0394-4cce471aebb68ba3d99c332bb70a5d4d
+
+info:
+ name: >
+ Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-0394
+ metadata:
+ fofa-query: "wp-content/plugins/groundhogg/"
+ google-query: inurl:"/wp-content/plugins/groundhogg/"
+ shodan-query: 'vuln:CVE-2025-0394'
+ tags: cve,wordpress,wp-plugin,groundhogg,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "groundhogg"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.7.3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0428-c7d55845af777ff65fe134af42665855.yaml b/nuclei-templates/2025/CVE-2025-0428-c7d55845af777ff65fe134af42665855.yaml
new file mode 100644
index 0000000000..9560082b59
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0428-c7d55845af777ff65fe134af42665855.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0428-c7d55845af777ff65fe134af42665855
+
+info:
+ name: >
+ AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
+ author: topscoder
+ severity: low
+ description: >
+ The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/66a3abc1-0508-4ce3-952b-7dbf3738879a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2025-0428
+ metadata:
+ fofa-query: "wp-content/plugins/gpt3-ai-content-generator/"
+ google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/"
+ shodan-query: 'vuln:CVE-2025-0428'
+ tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gpt3-ai-content-generator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8.96')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0429-05d687d5854028430b57f0a8a373aa66.yaml b/nuclei-templates/2025/CVE-2025-0429-05d687d5854028430b57f0a8a373aa66.yaml
new file mode 100644
index 0000000000..4e8c50455a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0429-05d687d5854028430b57f0a8a373aa66.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0429-05d687d5854028430b57f0a8a373aa66
+
+info:
+ name: >
+ AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
+ author: topscoder
+ severity: low
+ description: >
+ The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb927aba-a96d-47b9-ba35-60945ea5cfe5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2025-0429
+ metadata:
+ fofa-query: "wp-content/plugins/gpt3-ai-content-generator/"
+ google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/"
+ shodan-query: 'vuln:CVE-2025-0429'
+ tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gpt3-ai-content-generator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8.96')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0450-e25aabd20c064e5b847d1b031b420a3e.yaml b/nuclei-templates/2025/CVE-2025-0450-e25aabd20c064e5b847d1b031b420a3e.yaml
new file mode 100644
index 0000000000..a9b69399ee
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0450-e25aabd20c064e5b847d1b031b420a3e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0450-e25aabd20c064e5b847d1b031b420a3e
+
+info:
+ name: >
+ Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
+ author: topscoder
+ severity: low
+ description: >
+ The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/340c14ea-70b9-4f60-84b3-97328432f110?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0450
+ metadata:
+ fofa-query: "wp-content/themes/betheme/"
+ google-query: inurl:"/wp-content/themes/betheme/"
+ shodan-query: 'vuln:CVE-2025-0450'
+ tags: cve,wordpress,wp-theme,betheme,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/betheme/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "betheme"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 27.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0470-5bc97b2983cc631f5d72e107fd6f78df.yaml b/nuclei-templates/2025/CVE-2025-0470-5bc97b2983cc631f5d72e107fd6f78df.yaml
new file mode 100644
index 0000000000..774ffedf00
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0470-5bc97b2983cc631f5d72e107fd6f78df.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0470-5bc97b2983cc631f5d72e107fd6f78df
+
+info:
+ name: >
+ Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter
+ author: topscoder
+ severity: medium
+ description: >
+ The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5281d4b-c2cd-4972-b837-e101a8893c6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-0470
+ metadata:
+ fofa-query: "wp-content/plugins/forminator/"
+ google-query: inurl:"/wp-content/plugins/forminator/"
+ shodan-query: 'vuln:CVE-2025-0470'
+ tags: cve,wordpress,wp-plugin,forminator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forminator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.38.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0493-5600c99d41a32e7dea378f143c857a2f.yaml b/nuclei-templates/2025/CVE-2025-0493-5600c99d41a32e7dea378f143c857a2f.yaml
new file mode 100644
index 0000000000..65ba570d53
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0493-5600c99d41a32e7dea378f143c857a2f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0493-5600c99d41a32e7dea378f143c857a2f
+
+info:
+ name: >
+ MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/812029d9-95d6-4bc9-98b2-700f462163b3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-0493
+ metadata:
+ fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/"
+ google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/"
+ shodan-query: 'vuln:CVE-2025-0493'
+ tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dc-woocommerce-multi-vendor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.2.14')
\ No newline at end of file
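Review bot: `redirects: true` with `max-redirects: 3` lets the request leave the scanned host, so a redirect to another site can supply the `readme.txt` that the matchers then evaluate, and this critical finding would be reported against the original target. Nuclei's `host-redirects: true` keeps the redirect chain on the same host; I would use it here in place of `redirects: true`. Every template added in this diff carries the same request block.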
diff --git a/nuclei-templates/2025/CVE-2025-0507-b891ad29b00c36d7e9e6e207ca90983f.yaml b/nuclei-templates/2025/CVE-2025-0507-b891ad29b00c36d7e9e6e207ca90983f.yaml
new file mode 100644
index 0000000000..2095abc7dc
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0507-b891ad29b00c36d7e9e6e207ca90983f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0507-b891ad29b00c36d7e9e6e207ca90983f
+
+info:
+ name: >
+ Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Ticketmeo – Sell Tickets – Event Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/149edbdf-4a27-4d79-8dd1-b5b3efbf648b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0507
+ metadata:
+ fofa-query: "wp-content/plugins/ploxel/"
+ google-query: inurl:"/wp-content/plugins/ploxel/"
+ shodan-query: 'vuln:CVE-2025-0507'
+ tags: cve,wordpress,wp-plugin,ploxel,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ploxel/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ploxel"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.6')
\ No newline at end of file
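Review bot: The `word` matcher looks for the directory slug `ploxel`, but the product in `name` is Ticketmeo, and nothing in the template guarantees that the readme body contains the slug. If it does not, the `and` condition fails and an affected install goes unreported. I would match on the readme's own marker instead, `- "Stable tag:"`, or add the product name as a second word with `case-insensitive: true`. The CVE-2025-0809 (`permalink-finder` for Link Fixer) and CVE-2025-0493 (`dc-woocommerce-multi-vendor` for MultiVendorX) templates have the same slug/name gap.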
diff --git a/nuclei-templates/2025/CVE-2025-0515-ebd8baa03908a92a78ba070b71ebae6d.yaml b/nuclei-templates/2025/CVE-2025-0515-ebd8baa03908a92a78ba070b71ebae6d.yaml
new file mode 100644
index 0000000000..50eecea743
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0515-ebd8baa03908a92a78ba070b71ebae6d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0515-ebd8baa03908a92a78ba070b71ebae6d
+
+info:
+ name: >
+ Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update
+ author: topscoder
+ severity: low
+ description: >
+ The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44ad056b-8995-4068-8b05-4fefb8d2ff0a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-0515
+ metadata:
+ fofa-query: "wp-content/themes/buzzclub/"
+ google-query: inurl:"/wp-content/themes/buzzclub/"
+ shodan-query: 'vuln:CVE-2025-0515'
+ tags: cve,wordpress,wp-theme,buzzclub,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/buzzclub/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "buzzclub"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0554-ff5a35b26e55949845e1e2e10e3d177b.yaml b/nuclei-templates/2025/CVE-2025-0554-ff5a35b26e55949845e1e2e10e3d177b.yaml
new file mode 100644
index 0000000000..4314bcb8c4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0554-ff5a35b26e55949845e1e2e10e3d177b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0554-ff5a35b26e55949845e1e2e10e3d177b
+
+info:
+ name: >
+ Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name
+ author: topscoder
+ severity: low
+ description: >
+ The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39d41772-49f3-4bce-a170-cbe64ba99184?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-0554
+ metadata:
+ fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
+ google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/"
+ shodan-query: 'vuln:CVE-2025-0554'
+ tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "podlove-podcasting-plugin-for-wordpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.25')
\ No newline at end of file
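Review bot: `name: >` and `description: >` use the folded scalar with default chomping, so both values end in a newline that is carried into scan output and into anything that compares or de-duplicates on the template name. `name: >-` and `description: >-` keep the same text without the trailing newline. The other templates added in this diff are written the same way.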
diff --git a/nuclei-templates/2025/CVE-2025-0682-08b4644a51dbb68b6e5be096e26096dd.yaml b/nuclei-templates/2025/CVE-2025-0682-08b4644a51dbb68b6e5be096e26096dd.yaml
new file mode 100644
index 0000000000..a34160c538
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0682-08b4644a51dbb68b6e5be096e26096dd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0682-08b4644a51dbb68b6e5be096e26096dd
+
+info:
+ name: >
+ ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/15a9718f-f877-4e33-8f7a-950791c4ca85?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-0682
+ metadata:
+ fofa-query: "wp-content/plugins/trx_addons/"
+ google-query: inurl:"/wp-content/plugins/trx_addons/"
+ shodan-query: 'vuln:CVE-2025-0682'
+ tags: cve,wordpress,wp-plugin,trx_addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/trx_addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "trx_addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.33.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0804-4ce26d544d21a3d5aac0280dcc431b2b.yaml b/nuclei-templates/2025/CVE-2025-0804-4ce26d544d21a3d5aac0280dcc431b2b.yaml
new file mode 100644
index 0000000000..7527814b1e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0804-4ce26d544d21a3d5aac0280dcc431b2b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0804-4ce26d544d21a3d5aac0280dcc431b2b
+
+info:
+ name: >
+ ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf41b5e1-610e-4159-9325-f7a694380050?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-0804
+ metadata:
+ fofa-query: "wp-content/plugins/clickwhale/"
+ google-query: inurl:"/wp-content/plugins/clickwhale/"
+ shodan-query: 'vuln:CVE-2025-0804'
+ tags: cve,wordpress,wp-plugin,clickwhale,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/clickwhale/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "clickwhale"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0809-ac7824c033aac6382627c539a2f8482a.yaml b/nuclei-templates/2025/CVE-2025-0809-ac7824c033aac6382627c539a2f8482a.yaml
new file mode 100644
index 0000000000..57c7137260
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0809-ac7824c033aac6382627c539a2f8482a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0809-ac7824c033aac6382627c539a2f8482a
+
+info:
+ name: >
+ Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/37198f2f-2b45-40d3-b4ae-aa94213996bd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2025-0809
+ metadata:
+ fofa-query: "wp-content/plugins/permalink-finder/"
+ google-query: inurl:"/wp-content/plugins/permalink-finder/"
+ shodan-query: 'vuln:CVE-2025-0809'
+ tags: cve,wordpress,wp-plugin,permalink-finder,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/permalink-finder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "permalink-finder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0859-bd3ad8c154b453993df32d262ffad4f4.yaml b/nuclei-templates/2025/CVE-2025-0859-bd3ad8c154b453993df32d262ffad4f4.yaml
new file mode 100644
index 0000000000..4e23076be4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0859-bd3ad8c154b453993df32d262ffad4f4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0859-bd3ad8c154b453993df32d262ffad4f4
+
+info:
+ name: >
+ Post and Page Builder by BoldGrid <= 1.27.6 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function
+ author: topscoder
+ severity: low
+ description: >
+ The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-0859
+ metadata:
+ fofa-query: "wp-content/plugins/post-and-page-builder/"
+ google-query: inurl:"/wp-content/plugins/post-and-page-builder/"
+ shodan-query: 'vuln:CVE-2025-0859'
+ tags: cve,wordpress,wp-plugin,post-and-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-and-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-and-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.27.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0860-f040cc83f42ed788c250406ecfef9867.yaml b/nuclei-templates/2025/CVE-2025-0860-f040cc83f42ed788c250406ecfef9867.yaml
new file mode 100644
index 0000000000..e82283472e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0860-f040cc83f42ed788c250406ecfef9867.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0860-f040cc83f42ed788c250406ecfef9867
+
+info:
+ name: >
+ VR-Frases (collect & share quotes) <= 3.0.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5ea3e03-fafa-431e-b1fe-a527f491da79?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-0860
+ metadata:
+ fofa-query: "wp-content/plugins/vr-frases/"
+ google-query: inurl:"/wp-content/plugins/vr-frases/"
+ shodan-query: 'vuln:CVE-2025-0860'
+ tags: cve,wordpress,wp-plugin,vr-frases,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vr-frases/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vr-frases"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-0861-8edddce15d7569491e9d5b22f627b959.yaml b/nuclei-templates/2025/CVE-2025-0861-8edddce15d7569491e9d5b22f627b959.yaml
new file mode 100644
index 0000000000..2143d25729
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0861-8edddce15d7569491e9d5b22f627b959.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0861-8edddce15d7569491e9d5b22f627b959
+
+info:
+ name: >
+ VR-Frases (collect & share quotes) <= 3.0.1 - Authenticated (Admin+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9d5afb-d38d-442c-8511-f1683739a1da?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-0861
+ metadata:
+ fofa-query: "wp-content/plugins/vr-frases/"
+ google-query: inurl:"/wp-content/plugins/vr-frases/"
+ shodan-query: 'vuln:CVE-2025-0861'
+ tags: cve,wordpress,wp-plugin,vr-frases,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vr-frases/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vr-frases"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.1')
\ No newline at end of file
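Review bot: The `description` says "unauthenticated attackers", but `name` calls this an "Authenticated (Admin+) SQL Injection" and `cvss-metrics` carries `PR:H`. The description is the text that ends up in scan reports, so it should agree with the other two fields, e.g. `authenticated attackers, with administrator-level access and above, to append additional SQL queries`. The wording looks copied from the referenced advisory, so it may need correcting upstream as well.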
diff --git a/nuclei-templates/2025/CVE-2025-0939-ed6443038bcde34520605b81c9b1da64.yaml b/nuclei-templates/2025/CVE-2025-0939-ed6443038bcde34520605b81c9b1da64.yaml
new file mode 100644
index 0000000000..d243bebbf6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-0939-ed6443038bcde34520605b81c9b1da64.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-0939-ed6443038bcde34520605b81c9b1da64
+
+info:
+ name: >
+ MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those actions in order to delete or view logs, modify forms or modify plugin settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3497ae-7f3a-4e67-ad7a-77b50dccaf3b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2025-0939
+ metadata:
+ fofa-query: "wp-content/plugins/magicform/"
+ google-query: inurl:"/wp-content/plugins/magicform/"
+ shodan-query: 'vuln:CVE-2025-0939'
+ tags: cve,wordpress,wp-plugin,magicform,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/magicform/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "magicform"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-1028-08322553d3da7ace8191edb7d3c3452f.yaml b/nuclei-templates/2025/CVE-2025-1028-08322553d3da7ace8191edb7d3c3452f.yaml
new file mode 100644
index 0000000000..e32935d71a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-1028-08322553d3da7ace8191edb7d3c3452f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-1028-08322553d3da7ace8191edb7d3c3452f + +info: + name: > + Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload + author: topscoder + severity: high + description: > + The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6f51a8e-4a59-4b64-b0c6-2ce3933a1df5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2025-1028 + metadata: + fofa-query: "wp-content/plugins/contact-manager/" + google-query: inurl:"/wp-content/plugins/contact-manager/" + shodan-query: 'vuln:CVE-2025-1028' + tags: cve,wordpress,wp-plugin,contact-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.4') \ No newline at end of file 
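Review bot: The three matchers for CVE-2025-1028 establish only that `readme.txt` returned 200, contains the string `contact-manager`, and carries a `Stable tag` of 8.6.4 or lower; none of them touches the upload feature, while the description says exploitation also depends on a specific server configuration and a race condition. A `high` result from this template is therefore a version inference, not a confirmed exposure, and the template should say so where operators will read it, for example with a comment above `http:` such as `# Version inference from readme.txt only; does not exercise the upload path`. Every template added in this commit uses the same readme-only check, so the caveat applies to all of them.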
diff --git a/nuclei-templates/2025/CVE-2025-1061-34ef2765ce44b578d9e2a79254fb7934.yaml b/nuclei-templates/2025/CVE-2025-1061-34ef2765ce44b578d9e2a79254fb7934.yaml new file mode 100644 index 0000000000..01d9636806 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-1061-34ef2765ce44b578d9e2a79254fb7934.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-1061-34ef2765ce44b578d9e2a79254fb7934 + +info: + name: > + Nextend Social Login Pro <= 3.1.16 - Authentication Bypass via Apple OAuth provider + author: topscoder + severity: critical + description: > + The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6494e54c-db04-41f9-8b91-6ad12528cf01?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-1061 + metadata: + fofa-query: "wp-content/plugins/nextend-social-login-pro/" + google-query: inurl:"/wp-content/plugins/nextend-social-login-pro/" + shodan-query: 'vuln:CVE-2025-1061' + tags: cve,wordpress,wp-plugin,nextend-social-login-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextend-social-login-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextend-social-login-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.16') \ No newline at end of file 
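Review bot: The `Stable tag` regex in the CVE-2025-1061 template captures only when the label is followed by exactly one space and a numeric value, so a readme with different spacing or a non-numeric tag yields no `version`, the `compare_versions` matcher fails, and the host is silently reported as clean. For a finding rated critical that miss is worth narrowing: `- "(?mi)Stable tag:[ \t]*([0-9.]+)"` tolerates the spacing, and it has to be changed in both extractors because they repeat the pattern. A missing capture cannot be fixed in the regex, so the template or its consumer should treat it as "version unknown" rather than "not affected". The same regex appears in every template this commit adds.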
diff --git a/nuclei-templates/2025/CVE-2025-22260-a0c885b01e5d18daa1a4492536fea7ba.yaml b/nuclei-templates/2025/CVE-2025-22260-a0c885b01e5d18daa1a4492536fea7ba.yaml new file mode 100644 index 0000000000..2eac449d8d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22260-a0c885b01e5d18daa1a4492536fea7ba.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22260-a0c885b01e5d18daa1a4492536fea7ba + +info: + name: > + Meta Tag Manager <= 3.1 - Missing Authorization + author: topscoder + severity: low + description: > + The Meta Tag Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ba40bde-7926-4aa5-a282-8543aea23381?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22260 + metadata: + fofa-query: "wp-content/plugins/meta-tag-manager/" + google-query: inurl:"/wp-content/plugins/meta-tag-manager/" + shodan-query: 'vuln:CVE-2025-22260' + tags: cve,wordpress,wp-plugin,meta-tag-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file 
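Review bot: The two `version` extractors in the CVE-2025-22260 template are identical apart from `internal: true`, and nothing in the file explains why both are needed. A one-line comment above each would make the intent readable: `# internal: feeds compare_versions() in the dsl matcher` on the first and `# printed in the scan output` on the second. The same undocumented pair appears in every template added by this commit.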
diff --git a/nuclei-templates/2025/CVE-2025-22261-cb746032c4d69b6ebbd2076126abb470.yaml b/nuclei-templates/2025/CVE-2025-22261-cb746032c4d69b6ebbd2076126abb470.yaml new file mode 100644 index 0000000000..beb9d53132 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22261-cb746032c4d69b6ebbd2076126abb470.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22261-cb746032c4d69b6ebbd2076126abb470 + +info: + name: > + WP FullCalendar <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP FullCalendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44d1c85a-9a19-4962-9db3-539fa5702d2f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22261 + metadata: + fofa-query: "wp-content/plugins/wp-fullcalendar/" + google-query: inurl:"/wp-content/plugins/wp-fullcalendar/" + shodan-query: 'vuln:CVE-2025-22261' + tags: cve,wordpress,wp-plugin,wp-fullcalendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fullcalendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fullcalendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22262-ea68da400976f94c45dc3c23d2692814.yaml b/nuclei-templates/2025/CVE-2025-22262-ea68da400976f94c45dc3c23d2692814.yaml new file mode 100644 index 0000000000..628b728098 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22262-ea68da400976f94c45dc3c23d2692814.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22262-ea68da400976f94c45dc3c23d2692814 + +info: + name: > + Bonjour Bar <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Bonjour Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98dcf0a0-7310-41b4-b622-092ed689159a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-22262 + metadata: + fofa-query: "wp-content/plugins/bonjour-bar/" + google-query: inurl:"/wp-content/plugins/bonjour-bar/" + shodan-query: 'vuln:CVE-2025-22262' + tags: cve,wordpress,wp-plugin,bonjour-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bonjour-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bonjour-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22267-9591e0f49c578cb7bc93dc9a0babf0b9.yaml b/nuclei-templates/2025/CVE-2025-22267-9591e0f49c578cb7bc93dc9a0babf0b9.yaml new file mode 100644 index 0000000000..e330518bac --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22267-9591e0f49c578cb7bc93dc9a0babf0b9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22267-9591e0f49c578cb7bc93dc9a0babf0b9 + +info: + name: > + Weaver Themes Shortcode Compatibility <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Weaver Themes Shortcode Compatibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baad17ba-4ea0-44d7-8665-91d7fc63678f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22267 + metadata: + fofa-query: "wp-content/plugins/weaver-themes-shortcode-compatibility/" + google-query: inurl:"/wp-content/plugins/weaver-themes-shortcode-compatibility/" + shodan-query: 'vuln:CVE-2025-22267' + tags: cve,wordpress,wp-plugin,weaver-themes-shortcode-compatibility,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weaver-themes-shortcode-compatibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weaver-themes-shortcode-compatibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file 
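Review bot: The word matcher in the CVE-2025-22267 template looks for the slug `weaver-themes-shortcode-compatibility` in the body of `readme.txt`, but the `name:` line shows the plugin is titled with spaces and capitals, and word matching is case-sensitive unless `case-insensitive: true` is set. Unless the readme happens to contain its own directory name, the `and` condition fails and an affected site is missed; the hunk gives no evidence either way. Since the request path already pins the plugin directory, consider matching a string the version regex already depends on, e.g. `- "Stable tag"`, or the display name with `case-insensitive: true`. The templates for CVE-2025-22276 and CVE-2025-22294 match on long slugs in the same way.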
diff --git a/nuclei-templates/2025/CVE-2025-22276-195d6269ea99d2b72cd656417f8fddf8.yaml b/nuclei-templates/2025/CVE-2025-22276-195d6269ea99d2b72cd656417f8fddf8.yaml new file mode 100644 index 0000000000..5a7c5d9701 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22276-195d6269ea99d2b72cd656417f8fddf8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22276-195d6269ea99d2b72cd656417f8fddf8 + +info: + name: > + Related Post Shortcode <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Related Post Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4325d9ce-35a2-4ee8-99cc-39c04d624e81?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-22276 + metadata: + fofa-query: "wp-content/plugins/related-post-shortcode/" + google-query: inurl:"/wp-content/plugins/related-post-shortcode/" + shodan-query: 'vuln:CVE-2025-22276' + tags: cve,wordpress,wp-plugin,related-post-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-post-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-post-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22293-4558b111403683a979c235a92231a6c8.yaml b/nuclei-templates/2025/CVE-2025-22293-4558b111403683a979c235a92231a6c8.yaml new file mode 100644 index 0000000000..b36e328f26 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22293-4558b111403683a979c235a92231a6c8.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22293-4558b111403683a979c235a92231a6c8 + +info: + name: > + Gutentor <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Gutentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32d341a8-b32f-4e38-8b9c-c483810b1f3a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22293 + metadata: + fofa-query: "wp-content/plugins/gutentor/" + google-query: inurl:"/wp-content/plugins/gutentor/" + shodan-query: 'vuln:CVE-2025-22293' + tags: cve,wordpress,wp-plugin,gutentor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutentor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutentor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22294-997724e69d6ce4b1e4a6885788e9ebd6.yaml b/nuclei-templates/2025/CVE-2025-22294-997724e69d6ce4b1e4a6885788e9ebd6.yaml new file mode 100644 index 0000000000..2eaac714f7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22294-997724e69d6ce4b1e4a6885788e9ebd6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22294-997724e69d6ce4b1e4a6885788e9ebd6 + +info: + name: > + Custom Field For WP Job Manager <= 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d040ca-c1cd-44e9-a916-37572fbade74?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22294 + metadata: + fofa-query: "wp-content/plugins/custom-field-for-wp-job-manager/" + google-query: inurl:"/wp-content/plugins/custom-field-for-wp-job-manager/" + shodan-query: 'vuln:CVE-2025-22294' + tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-for-wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-for-wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22295-bcade5cb35be6e5f78527c62cca5ade1.yaml b/nuclei-templates/2025/CVE-2025-22295-bcade5cb35be6e5f78527c62cca5ade1.yaml new file mode 100644 index 0000000000..06fcc99f24 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22295-bcade5cb35be6e5f78527c62cca5ade1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22295-bcade5cb35be6e5f78527c62cca5ade1 + +info: + name: > + WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2059b3f-2fbc-4dbb-b8f8-4dddb5320455?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cve-id: CVE-2025-22295 + metadata: + fofa-query: "wp-content/plugins/tripetto/" + google-query: inurl:"/wp-content/plugins/tripetto/" + shodan-query: 'vuln:CVE-2025-22295' + tags: cve,wordpress,wp-plugin,tripetto,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tripetto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tripetto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22296-8ca01cb18bc2f49ed52913e75334023d.yaml b/nuclei-templates/2025/CVE-2025-22296-8ca01cb18bc2f49ed52913e75334023d.yaml new file mode 100644 index 0000000000..e602e2292f --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22296-8ca01cb18bc2f49ed52913e75334023d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22296-8ca01cb18bc2f49ed52913e75334023d + +info: + name: > + Hash Elements <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/246e227f-a22d-43bb-8bd0-63d9b4803f26?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22296 + metadata: + fofa-query: "wp-content/plugins/hash-elements/" + google-query: inurl:"/wp-content/plugins/hash-elements/" + shodan-query: 'vuln:CVE-2025-22296' + tags: cve,wordpress,wp-plugin,hash-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hash-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hash-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22297-8c24c97bc56e065b01f4c64eb0305536.yaml b/nuclei-templates/2025/CVE-2025-22297-8c24c97bc56e065b01f4c64eb0305536.yaml new file mode 100644 index 0000000000..a896ca5af0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22297-8c24c97bc56e065b01f4c64eb0305536.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22297-8c24c97bc56e065b01f4c64eb0305536 + +info: + name: > + AI WP Writer <= 3.8.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The AI WP Writer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.4.4. This is due to missing or incorrect nonce validation on the options() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4895bb-b353-423c-a135-bf504ad77e53?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22297 + metadata: + fofa-query: "wp-content/plugins/ai-wp-writer/" + google-query: inurl:"/wp-content/plugins/ai-wp-writer/" + shodan-query: 'vuln:CVE-2025-22297' + tags: cve,wordpress,wp-plugin,ai-wp-writer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-wp-writer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-wp-writer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.4.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22298-50b2159da0323344aa94969ed0552cd0.yaml b/nuclei-templates/2025/CVE-2025-22298-50b2159da0323344aa94969ed0552cd0.yaml new file mode 100644 index 0000000000..4385d7401f --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22298-50b2159da0323344aa94969ed0552cd0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22298-50b2159da0323344aa94969ed0552cd0 + +info: + name: > + Hive Support – WordPress Help Desk <= 1.1.6 - Missing Authorization + author: topscoder + severity: low + description: > + The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a41d0b9-da73-4d7a-b46e-ee74f4d0897d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22298 + metadata: + fofa-query: "wp-content/plugins/hive-support/" + google-query: inurl:"/wp-content/plugins/hive-support/" + shodan-query: 'vuln:CVE-2025-22298' + tags: cve,wordpress,wp-plugin,hive-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hive-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hive-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22299-3ef0e3f3aa54b8a18f41ca4421d60ba0.yaml b/nuclei-templates/2025/CVE-2025-22299-3ef0e3f3aa54b8a18f41ca4421d60ba0.yaml new file mode 100644 index 0000000000..bf03baa8a0 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22299-3ef0e3f3aa54b8a18f41ca4421d60ba0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22299-3ef0e3f3aa54b8a18f41ca4421d60ba0 + +info: + name: > + AI for SEO <= 1.2.9 - Missing Authorization + author: topscoder + severity: high + description: > + The AI for SEO – Bulk Generate Metadata, Alt Text, Image Titles, Captions, Descriptions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3121821e-676a-444e-8e5c-c0fff58bc6eb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22299 + metadata: + fofa-query: "wp-content/plugins/ai-for-seo/" + google-query: inurl:"/wp-content/plugins/ai-for-seo/" + shodan-query: 'vuln:CVE-2025-22299' + tags: cve,wordpress,wp-plugin,ai-for-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-for-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-for-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22300-503eeb659e16fe2f01f0ef49bc2ae15c.yaml b/nuclei-templates/2025/CVE-2025-22300-503eeb659e16fe2f01f0ef49bc2ae15c.yaml new file mode 100644 index 0000000000..53e6ba87a0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22300-503eeb659e16fe2f01f0ef49bc2ae15c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22300-503eeb659e16fe2f01f0ef49bc2ae15c + +info: + name: > + PixelYourSite – Your smart PIXEL (TAG) Manager <= 10.0.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The PixelYourSite – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.0.1.2. This is due to missing or incorrect nonce validation on the init() function. This makes it possible for unauthenticated attackers to modify settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/996c2843-158c-475a-874e-c5af00347d8c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22300 + metadata: + fofa-query: "wp-content/plugins/pixelyoursite/" + google-query: inurl:"/wp-content/plugins/pixelyoursite/" + shodan-query: 'vuln:CVE-2025-22300' + tags: cve,wordpress,wp-plugin,pixelyoursite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixelyoursite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.0.1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22301-ca06e7c08c512ecc5e5605b04f5b3cea.yaml b/nuclei-templates/2025/CVE-2025-22301-ca06e7c08c512ecc5e5605b04f5b3cea.yaml new file mode 100644 index 0000000000..922b3bd084 
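Review bot: `redirects: true` with `max-redirects: 3` in CVE-2025-22300 lets the readme request follow a redirect to a different host, so the `Stable tag` that is matched may come from a server other than the scanned target and be reported against the wrong asset. nuclei's `host-redirects: true` keeps redirects on the original host; I would use it in place of `redirects: true` unless cross-host following is intended. The same two lines appear in every template added in this part of the diff.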
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22301-ca06e7c08c512ecc5e5605b04f5b3cea.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22301-ca06e7c08c512ecc5e5605b04f5b3cea + +info: + name: > + MyBookTable Bookstore <= 3.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The MyBookTable Bookstore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the mbt_add_admin_notices() function. This makes it possible for unauthenticated attackers to add the plugin's pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40cb4d77-ee8d-42ff-9c18-0cd76910edb7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22301 + metadata: + fofa-query: "wp-content/plugins/mybooktable/" + google-query: inurl:"/wp-content/plugins/mybooktable/" + shodan-query: 'vuln:CVE-2025-22301' + tags: cve,wordpress,wp-plugin,mybooktable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mybooktable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mybooktable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3') \ No newline at end of file 
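Review bot: `name: >` and `description: >` in CVE-2025-22301 use the clipping folded style, so each value ends in a newline that becomes part of the string; `name: >-` and `description: >-` strip it, which matters wherever the name is compared, de-duplicated or printed verbatim in reports. The file also ends without a final newline (`\ No newline at end of file`). Both points apply to each new template in this part of the diff.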
diff --git a/nuclei-templates/2025/CVE-2025-22302-9275f41422dd41f180bc596b26ffda40.yaml b/nuclei-templates/2025/CVE-2025-22302-9275f41422dd41f180bc596b26ffda40.yaml new file mode 100644 index 0000000000..3cbaf485cc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22302-9275f41422dd41f180bc596b26ffda40.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22302-9275f41422dd41f180bc596b26ffda40 + +info: + name: > + WP Wand <= 1.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + The WP Wand plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to utilize the plugins functionality. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5347f988-6ee3-4e9b-ab55-4debe074aa12?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22302 + metadata: + fofa-query: "wp-content/plugins/ai-content-generation/" + google-query: inurl:"/wp-content/plugins/ai-content-generation/" + shodan-query: 'vuln:CVE-2025-22302' + tags: cve,wordpress,wp-plugin,ai-content-generation,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-content-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-content-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22303-ec4cef01ab2d8bd86015c829192515e2.yaml b/nuclei-templates/2025/CVE-2025-22303-ec4cef01ab2d8bd86015c829192515e2.yaml new file mode 100644 index 0000000000..8069e385b3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22303-ec4cef01ab2d8bd86015c829192515e2.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22303-ec4cef01ab2d8bd86015c829192515e2 + +info: + name: > + WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: medium + description: > + The WP Mailster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.17.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9156a588-7615-4575-9784-8716c54fee11?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22303 + metadata: + fofa-query: "wp-content/plugins/wp-mailster/" + google-query: inurl:"/wp-content/plugins/wp-mailster/" + shodan-query: 'vuln:CVE-2025-22303' + tags: cve,wordpress,wp-plugin,wp-mailster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.17.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22304-ca86b574e7922af64e1ba707272d954d.yaml b/nuclei-templates/2025/CVE-2025-22304-ca86b574e7922af64e1ba707272d954d.yaml new file mode 100644 index 0000000000..06dcd8af26 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22304-ca86b574e7922af64e1ba707272d954d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22304-ca86b574e7922af64e1ba707272d954d + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 7.5 - Missing Authorization + author: topscoder + severity: low + description: > + The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c90fc17b-f355-4067-928f-031734a572f3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22304 + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:CVE-2025-22304' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22305-f254b4e50850163871115e49b90ecb27.yaml b/nuclei-templates/2025/CVE-2025-22305-f254b4e50850163871115e49b90ecb27.yaml new file mode 100644 index 0000000000..2f285b6de9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22305-f254b4e50850163871115e49b90ecb27.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22305-f254b4e50850163871115e49b90ecb27 + +info: + name: > + Hero Banner Ultimate <= 1.4.3 - Authenticated (Author+) Local File Inclusion + author: topscoder + severity: low + description: > + The Hero Banner Ultimate plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with author-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cfd5cfa-9075-4408-bfb1-fb0c3494f61e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-22305 + metadata: + fofa-query: "wp-content/plugins/hero-banner-ultimate/" + google-query: inurl:"/wp-content/plugins/hero-banner-ultimate/" + shodan-query: 'vuln:CVE-2025-22305' + tags: cve,wordpress,wp-plugin,hero-banner-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hero-banner-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hero-banner-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22306-325521586eada5181bb9e46cec339fd2.yaml b/nuclei-templates/2025/CVE-2025-22306-325521586eada5181bb9e46cec339fd2.yaml new file mode 100644 index 0000000000..d51288e9fe --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22306-325521586eada5181bb9e46cec339fd2.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22306-325521586eada5181bb9e46cec339fd2 + +info: + name: > + Link Whisper Free <= 0.7.8 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: medium + description: > + The Link Whisper Free plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.7.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2b053b-12c0-42fa-b3da-31c824f04848?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22306 + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:CVE-2025-22306' + tags: cve,wordpress,wp-plugin,link-whisper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22307-14c4f71137aa069892f446038cad4c37.yaml b/nuclei-templates/2025/CVE-2025-22307-14c4f71137aa069892f446038cad4c37.yaml new file mode 100644 index 0000000000..89694462d5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22307-14c4f71137aa069892f446038cad4c37.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22307-14c4f71137aa069892f446038cad4c37 + +info: + name: > + Product Table for WooCommerce <= 3.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c163c9e-5f63-4501-8c51-89ef47488b03?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22307 + metadata: + fofa-query: "wp-content/plugins/woo-product-table/" + google-query: inurl:"/wp-content/plugins/woo-product-table/" + shodan-query: 'vuln:CVE-2025-22307' + tags: cve,wordpress,wp-plugin,woo-product-table,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22308-7dbd48a20d861a9aacb10e8174d99a1d.yaml b/nuclei-templates/2025/CVE-2025-22308-7dbd48a20d861a9aacb10e8174d99a1d.yaml new file mode 100644 index 0000000000..583dee0742 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22308-7dbd48a20d861a9aacb10e8174d99a1d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22308-7dbd48a20d861a9aacb10e8174d99a1d + +info: + name: > + Smart Custom Fields <= 5.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/165406fe-c6a5-4d2b-aad9-a860957a446e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22308 + metadata: + fofa-query: "wp-content/plugins/smart-custom-fields/" + google-query: inurl:"/wp-content/plugins/smart-custom-fields/" + shodan-query: 'vuln:CVE-2025-22308' + tags: cve,wordpress,wp-plugin,smart-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22309-605a1e626bcfe4260823b7fd51261d4b.yaml b/nuclei-templates/2025/CVE-2025-22309-605a1e626bcfe4260823b7fd51261d4b.yaml new file mode 100644 index 0000000000..535094078b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22309-605a1e626bcfe4260823b7fd51261d4b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22309-605a1e626bcfe4260823b7fd51261d4b + +info: + name: > + SpeakOut! Email Petitions <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The SpeakOut! Email Petitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee0acdaa-3c56-4a57-865e-44e8ecd7fba0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22309 + metadata: + fofa-query: "wp-content/plugins/speakout/" + google-query: inurl:"/wp-content/plugins/speakout/" + shodan-query: 'vuln:CVE-2025-22309' + tags: cve,wordpress,wp-plugin,speakout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speakout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speakout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22310-8c7f4c6048d1c410fb57fbdb5b0e07f0.yaml b/nuclei-templates/2025/CVE-2025-22310-8c7f4c6048d1c410fb57fbdb5b0e07f0.yaml new file mode 100644 index 0000000000..b36fc026db --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22310-8c7f4c6048d1c410fb57fbdb5b0e07f0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22310-8c7f4c6048d1c410fb57fbdb5b0e07f0 + +info: + name: > + TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540b1b4e-474d-48a8-ac8c-b7cd589ddc4c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22310 + metadata: + fofa-query: "wp-content/plugins/templatesnext-toolkit/" + google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/" + shodan-query: 'vuln:CVE-2025-22310' + tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templatesnext-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templatesnext-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22311-88c9bcd75bb3ec4e3ff2048ea1685a4a.yaml b/nuclei-templates/2025/CVE-2025-22311-88c9bcd75bb3ec4e3ff2048ea1685a4a.yaml new file mode 100644 index 0000000000..72c854a3fe --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22311-88c9bcd75bb3ec4e3ff2048ea1685a4a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22311-88c9bcd75bb3ec4e3ff2048ea1685a4a + +info: + name: > + Private Messages for UserPro <= 4.10.0 - Unauthenticated Local File Inclusion + author: topscoder + severity: critical + description: > + The Private Messages for UserPro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.10.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99ffffae-85a8-4562-838d-4e952bb0d76e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-22311 + metadata: + fofa-query: "wp-content/plugins/userpro-messaging/" + google-query: inurl:"/wp-content/plugins/userpro-messaging/" + shodan-query: 'vuln:CVE-2025-22311' + tags: cve,wordpress,wp-plugin,userpro-messaging,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro-messaging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro-messaging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22312-728bd1359dfb0ad0df0030d544e0cc48.yaml b/nuclei-templates/2025/CVE-2025-22312-728bd1359dfb0ad0df0030d544e0cc48.yaml new file mode 100644 index 0000000000..970d8974da --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22312-728bd1359dfb0ad0df0030d544e0cc48.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22312-728bd1359dfb0ad0df0030d544e0cc48 + +info: + name: > + Thim Elementor Kit <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b6e18dd-cb00-4cff-8cda-bf8f7df1cb27?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22312 + metadata: + fofa-query: "wp-content/plugins/thim-elementor-kit/" + google-query: inurl:"/wp-content/plugins/thim-elementor-kit/" + shodan-query: 'vuln:CVE-2025-22312' + tags: cve,wordpress,wp-plugin,thim-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thim-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thim-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22313-7b357f6c0eefd88566a0a4d82d37028e.yaml b/nuclei-templates/2025/CVE-2025-22313-7b357f6c0eefd88566a0a4d82d37028e.yaml new file mode 100644 index 0000000000..dbf37ce1aa --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22313-7b357f6c0eefd88566a0a4d82d37028e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22313-7b357f6c0eefd88566a0a4d82d37028e + +info: + name: > + Widgetize Pages Light <= 3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Widgetize Pages Light plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00a9b83e-793e-46df-a3de-5728cf424d28?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22313 + metadata: + fofa-query: "wp-content/plugins/widgetize-pages-light/" + google-query: inurl:"/wp-content/plugins/widgetize-pages-light/" + shodan-query: 'vuln:CVE-2025-22313' + tags: cve,wordpress,wp-plugin,widgetize-pages-light,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetize-pages-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetize-pages-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22314-7bc51e58c53d0caf6640873c1d432b12.yaml b/nuclei-templates/2025/CVE-2025-22314-7bc51e58c53d0caf6640873c1d432b12.yaml new file mode 100644 index 0000000000..75397f31c3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22314-7bc51e58c53d0caf6640873c1d432b12.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22314-7bc51e58c53d0caf6640873c1d432b12
+
+info:
+ name: >
+ Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Food Store – Online Food Delivery & Pickup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dabf766-b288-48c1-8e89-f910d7ecf8a8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22314
+ metadata:
+ fofa-query: "wp-content/plugins/food-store/"
+ google-query: inurl:"/wp-content/plugins/food-store/"
+ shodan-query: 'vuln:CVE-2025-22314'
+ tags: cve,wordpress,wp-plugin,food-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/food-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "food-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22315-380b9dffec9089dc3dbccaeb0b927ab8.yaml b/nuclei-templates/2025/CVE-2025-22315-380b9dffec9089dc3dbccaeb0b927ab8.yaml
new file mode 100644
index 0000000000..9aeef02608
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22315-380b9dffec9089dc3dbccaeb0b927ab8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22315-380b9dffec9089dc3dbccaeb0b927ab8
+
+info:
+ name: >
+ Typing Text <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Typing Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b44b3cf5-a976-407f-b23b-4b7448a18263?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22315
+ metadata:
+ fofa-query: "wp-content/plugins/typing-text/"
+ google-query: inurl:"/wp-content/plugins/typing-text/"
+ shodan-query: 'vuln:CVE-2025-22315'
+ tags: cve,wordpress,wp-plugin,typing-text,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/typing-text/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "typing-text"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22316-6ad80fbbe5415c688d0b01db4d584248.yaml b/nuclei-templates/2025/CVE-2025-22316-6ad80fbbe5415c688d0b01db4d584248.yaml
new file mode 100644
index 0000000000..2799d91686
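Review bot: `severity: low` in the CVE-2025-22315 template disagrees with `cvss-score: 6.4` in its own `classification` block, which falls in the CVSS v3.1 Medium band (4.0–6.9), so a scan filtered by severity would rank this finding below its score. I would change the field to `severity: medium` and the last entry of `tags` to `medium`. The same mismatch appears in the templates for CVE-2025-22316, CVE-2025-22319, CVE-2025-22321, CVE-2025-22323, CVE-2025-22327 and CVE-2025-22329 (all `low` with scores from 4.3 to 6.4), and in the opposite direction in CVE-2025-22318 (`severity: high` with `cvss-score: 5.3`). If the severity is derived from something other than the score, that rule should be stated where the templates are produced.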
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22316-6ad80fbbe5415c688d0b01db4d584248.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22316-6ad80fbbe5415c688d0b01db4d584248
+
+info:
+ name: >
+ WPBITS Addons For Elementor Page Builder <= 1.5.1 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/234a4cd9-4149-4ef0-b543-762a44cce73d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22316
+ metadata:
+ fofa-query: "wp-content/plugins/wpbits-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/wpbits-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22316'
+ tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpbits-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpbits-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22317-6de24867046c862f40804077a7d18a69.yaml b/nuclei-templates/2025/CVE-2025-22317-6de24867046c862f40804077a7d18a69.yaml
new file mode 100644
index 0000000000..655aa6d022
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22317-6de24867046c862f40804077a7d18a69.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22317-6de24867046c862f40804077a7d18a69
+
+info:
+ name: >
+ Gallery Images Ape <= 2.2.8 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Gallery Images Ape plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae411d4f-1a23-47ac-8b84-fe7c01618bae?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22317
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-images-ape/"
+ google-query: inurl:"/wp-content/plugins/gallery-images-ape/"
+ shodan-query: 'vuln:CVE-2025-22317'
+ tags: cve,wordpress,wp-plugin,gallery-images-ape,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-images-ape/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-images-ape"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22318-9a18fc5f8dc9a451a8eb49d81fcdabae.yaml b/nuclei-templates/2025/CVE-2025-22318-9a18fc5f8dc9a451a8eb49d81fcdabae.yaml
new file mode 100644
index 0000000000..e97bce45ac
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22318-9a18fc5f8dc9a451a8eb49d81fcdabae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22318-9a18fc5f8dc9a451a8eb49d81fcdabae
+
+info:
+ name: >
+ Standard Box Sizes – for WooCommerce <= 1.6.13 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Standard Box Sizes – for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6.13. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0daebb47-a9fb-45c7-8519-54f6fd5faa1c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-22318
+ metadata:
+ fofa-query: "wp-content/plugins/standard-box-sizes/"
+ google-query: inurl:"/wp-content/plugins/standard-box-sizes/"
+ shodan-query: 'vuln:CVE-2025-22318'
+ tags: cve,wordpress,wp-plugin,standard-box-sizes,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/standard-box-sizes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "standard-box-sizes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.13')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22319-a27f3aa1cf3b57380fdc58350fd22b36.yaml b/nuclei-templates/2025/CVE-2025-22319-a27f3aa1cf3b57380fdc58350fd22b36.yaml
new file mode 100644
index 0000000000..7bc8f2f313
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22319-a27f3aa1cf3b57380fdc58350fd22b36.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22319-a27f3aa1cf3b57380fdc58350fd22b36
+
+info:
+ name: >
+ Social Media Share Buttons | MashShare <= 4.0.47 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The MashShare – Social Media Share Buttons, Social Share Icons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.47. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/47906d5e-b77f-4b40-b89e-0bd0ed82b2e5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22319
+ metadata:
+ fofa-query: "wp-content/plugins/mashsharer/"
+ google-query: inurl:"/wp-content/plugins/mashsharer/"
+ shodan-query: 'vuln:CVE-2025-22319'
+ tags: cve,wordpress,wp-plugin,mashsharer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mashsharer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mashsharer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.47')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22320-4cc065b30e612028f786e9ad83b4f3a6.yaml b/nuclei-templates/2025/CVE-2025-22320-4cc065b30e612028f786e9ad83b4f3a6.yaml
new file mode 100644
index 0000000000..c7fb385572
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22320-4cc065b30e612028f786e9ad83b4f3a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22320-4cc065b30e612028f786e9ad83b4f3a6
+
+info:
+ name: >
+ ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e4cc3e9-736c-47aa-b383-bd98377f51e1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22320
+ metadata:
+ fofa-query: "wp-content/plugins/productdyno/"
+ google-query: inurl:"/wp-content/plugins/productdyno/"
+ shodan-query: 'vuln:CVE-2025-22320'
+ tags: cve,wordpress,wp-plugin,productdyno,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/productdyno/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "productdyno"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.24')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22321-d0470f55886a10cbde636591da283ae8.yaml b/nuclei-templates/2025/CVE-2025-22321-d0470f55886a10cbde636591da283ae8.yaml
new file mode 100644
index 0000000000..7fa15c34f4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22321-d0470f55886a10cbde636591da283ae8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22321-d0470f55886a10cbde636591da283ae8
+
+info:
+ name: >
+ ElementsCSS Addons for Elementor <= 1.0.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ElementsCSS Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/66f71440-59f4-4de4-b008-20bec4820489?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22321
+ metadata:
+ fofa-query: "wp-content/plugins/css-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/css-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22321'
+ tags: cve,wordpress,wp-plugin,css-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/css-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "css-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22323-894ec7449a522bcc6633d2c33b629830.yaml b/nuclei-templates/2025/CVE-2025-22323-894ec7449a522bcc6633d2c33b629830.yaml
new file mode 100644
index 0000000000..5e2c78f674
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22323-894ec7449a522bcc6633d2c33b629830.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22323-894ec7449a522bcc6633d2c33b629830
+
+info:
+ name: >
+ Image Hover Effects for Elementor <= 1.0.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Image Hover Effects for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/99b268a7-fd96-4fed-82e7-cfc651126f1f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22323
+ metadata:
+ fofa-query: "wp-content/plugins/image-hover-effects-elementor-addon/"
+ google-query: inurl:"/wp-content/plugins/image-hover-effects-elementor-addon/"
+ shodan-query: 'vuln:CVE-2025-22323'
+ tags: cve,wordpress,wp-plugin,image-hover-effects-elementor-addon,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-hover-effects-elementor-addon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-hover-effects-elementor-addon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22324-3320ba08df563283bef8f09d97292d48.yaml b/nuclei-templates/2025/CVE-2025-22324-3320ba08df563283bef8f09d97292d48.yaml
new file mode 100644
index 0000000000..99b66c2b01
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22324-3320ba08df563283bef8f09d97292d48.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22324-3320ba08df563283bef8f09d97292d48
+
+info:
+ name: >
+ OZ Canonical <= 0.5 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The OZ Canonical plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6635a04-b5fa-4cae-9567-b1d6ed688670?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22324
+ metadata:
+ fofa-query: "wp-content/plugins/oz-canonical/"
+ google-query: inurl:"/wp-content/plugins/oz-canonical/"
+ shodan-query: 'vuln:CVE-2025-22324'
+ tags: cve,wordpress,wp-plugin,oz-canonical,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/oz-canonical/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "oz-canonical"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22325-da78dafdbceef11b182efa64f6050bc2.yaml b/nuclei-templates/2025/CVE-2025-22325-da78dafdbceef11b182efa64f6050bc2.yaml
new file mode 100644
index 0000000000..59495725e8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22325-da78dafdbceef11b182efa64f6050bc2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22325-da78dafdbceef11b182efa64f6050bc2
+
+info:
+ name: >
+ Autocompleter <= 1.3.5.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Autocompleter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5a4b0e-f490-4f62-83cc-bef892e4c6ec?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22325
+ metadata:
+ fofa-query: "wp-content/plugins/autocompleter/"
+ google-query: inurl:"/wp-content/plugins/autocompleter/"
+ shodan-query: 'vuln:CVE-2025-22325'
+ tags: cve,wordpress,wp-plugin,autocompleter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/autocompleter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "autocompleter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.5.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22326-b438e0439b668889a6f9476d0f89b993.yaml b/nuclei-templates/2025/CVE-2025-22326-b438e0439b668889a6f9476d0f89b993.yaml
new file mode 100644
index 0000000000..61b5c4df99
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22326-b438e0439b668889a6f9476d0f89b993.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22326-b438e0439b668889a6f9476d0f89b993
+
+info:
+ name: >
+ 5centsCDN <= 24.8.16 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The 5centsCDN plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 24.8.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/830baa14-e6bb-4d89-8678-dcf48c8b8377?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22326
+ metadata:
+ fofa-query: "wp-content/plugins/5centscdn/"
+ google-query: inurl:"/wp-content/plugins/5centscdn/"
+ shodan-query: 'vuln:CVE-2025-22326'
+ tags: cve,wordpress,wp-plugin,5centscdn,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/5centscdn/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "5centscdn"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 24.8.16')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22327-a6f47b2efb3c99ae0002fc5e9ebc3cb6.yaml b/nuclei-templates/2025/CVE-2025-22327-a6f47b2efb3c99ae0002fc5e9ebc3cb6.yaml
new file mode 100644
index 0000000000..7216e3a6ac
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22327-a6f47b2efb3c99ae0002fc5e9ebc3cb6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22327-a6f47b2efb3c99ae0002fc5e9ebc3cb6
+
+info:
+ name: >
+ EO4WP <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The EO4WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bcb9ba1-63f9-4de9-b1da-405231cd1d14?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22327
+ metadata:
+ fofa-query: "wp-content/plugins/fw-integration-for-emailoctopus/"
+ google-query: inurl:"/wp-content/plugins/fw-integration-for-emailoctopus/"
+ shodan-query: 'vuln:CVE-2025-22327'
+ tags: cve,wordpress,wp-plugin,fw-integration-for-emailoctopus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fw-integration-for-emailoctopus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fw-integration-for-emailoctopus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22328-a3e2abd11fd50ef744c086845560451e.yaml b/nuclei-templates/2025/CVE-2025-22328-a3e2abd11fd50ef744c086845560451e.yaml
new file mode 100644
index 0000000000..65cd18e1bd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22328-a3e2abd11fd50ef744c086845560451e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22328-a3e2abd11fd50ef744c086845560451e
+
+info:
+ name: >
+ Elevio <= 4.4.1 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Elevio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/25fa3c6b-d680-4c08-a183-4dc31bcb799e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22328
+ metadata:
+ fofa-query: "wp-content/plugins/elevio/"
+ google-query: inurl:"/wp-content/plugins/elevio/"
+ shodan-query: 'vuln:CVE-2025-22328'
+ tags: cve,wordpress,wp-plugin,elevio,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elevio/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elevio"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22329-51529c19715babbd83f3f1008e329a78.yaml b/nuclei-templates/2025/CVE-2025-22329-51529c19715babbd83f3f1008e329a78.yaml
new file mode 100644
index 0000000000..9cad73af9b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22329-51529c19715babbd83f3f1008e329a78.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22329-51529c19715babbd83f3f1008e329a78
+
+info:
+ name: >
+ Free Google Maps <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Free Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/babcd8a8-c64d-4a71-b7ed-92ef497ef63d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2025-22329
+ metadata:
+ fofa-query: "wp-content/plugins/wp-map/"
+ google-query: inurl:"/wp-content/plugins/wp-map/"
+ shodan-query: 'vuln:CVE-2025-22329'
+ tags: cve,wordpress,wp-plugin,wp-map,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-map/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-map"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22330-1e3c4c150178733cfff4bbabf8253f1e.yaml b/nuclei-templates/2025/CVE-2025-22330-1e3c4c150178733cfff4bbabf8253f1e.yaml
new file mode 100644
index 0000000000..53443a6c45
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22330-1e3c4c150178733cfff4bbabf8253f1e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-22330-1e3c4c150178733cfff4bbabf8253f1e + +info: + name: > + MG Parallax Slider <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MG Parallax Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61023d27-3d8d-482b-9193-8b265ac18e41?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22330 + metadata: + fofa-query: "wp-content/plugins/mg-parallax-slider/" + google-query: inurl:"/wp-content/plugins/mg-parallax-slider/" + shodan-query: 'vuln:CVE-2025-22330' + tags: cve,wordpress,wp-plugin,mg-parallax-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mg-parallax-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mg-parallax-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22331-e2ca54dc8cf333e36271e025e911145f.yaml b/nuclei-templates/2025/CVE-2025-22331-e2ca54dc8cf333e36271e025e911145f.yaml new file mode 100644 index 0000000000..4137203fbb --- /dev/null 
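Review bot: Nothing in the CVE-2025-22330 template says that a match is inferred from the `Stable tag` line of `readme.txt` alone; the request never reaches the reflected-XSS code path, so a hit means the version banner is at or below 1.0, not that the issue is confirmed. A readme whose stable tag is non-numeric (for example `trunk`) will not satisfy `([0-9.]+)`, and as far as I can tell the `dsl` matcher then has no `version` to compare, so that install goes unreported. I would add a comment above `http:` such as `# Version-based detection only: reads Stable tag from readme.txt; confirm manually.`, and one above the second extractor saying it repeats the first without `internal: true` so the version appears in the result. The other readme-based templates in this commit share the same layout.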
+++ b/nuclei-templates/2025/CVE-2025-22331-e2ca54dc8cf333e36271e025e911145f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22331-e2ca54dc8cf333e36271e025e911145f + +info: + name: > + Cf7Save Extension <= 1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Cf7Save Extension plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29299b88-10fd-4c76-a8d7-34d8d4c7fd14?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22331 + metadata: + fofa-query: "wp-content/plugins/cf7save-extension/" + google-query: inurl:"/wp-content/plugins/cf7save-extension/" + shodan-query: 'vuln:CVE-2025-22331' + tags: cve,wordpress,wp-plugin,cf7save-extension,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7save-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7save-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22333-fcd0e633570c35bb7d1c99de2bed775f.yaml b/nuclei-templates/2025/CVE-2025-22333-fcd0e633570c35bb7d1c99de2bed775f.yaml new file mode 100644 index 0000000000..e46423f97f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22333-fcd0e633570c35bb7d1c99de2bed775f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22333-fcd0e633570c35bb7d1c99de2bed775f + +info: + name: > + Piotnet Addons For Elementor <= 2.4.31 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b84d88af-62b7-4f82-94c6-24c1513bfd57?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22333 + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-22333' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.31') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22334-7a3f37fdcbb8f3f7b2c2432a68928c9d.yaml b/nuclei-templates/2025/CVE-2025-22334-7a3f37fdcbb8f3f7b2c2432a68928c9d.yaml new file mode 100644 index 0000000000..b60b906864 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22334-7a3f37fdcbb8f3f7b2c2432a68928c9d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22334-7a3f37fdcbb8f3f7b2c2432a68928c9d + +info: + name: > + Education LMS <= 0.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Education LMS theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18a20bd4-a172-40b5-9ff3-77e593cff4f5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22334 + metadata: + fofa-query: "wp-content/themes/education-lms/" + google-query: inurl:"/wp-content/themes/education-lms/" + shodan-query: 'vuln:CVE-2025-22334' + tags: cve,wordpress,wp-theme,education-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/education-lms/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "education-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22335-a6c0120a5e3a5bbc3b9dda268a826ec2.yaml b/nuclei-templates/2025/CVE-2025-22335-a6c0120a5e3a5bbc3b9dda268a826ec2.yaml new file mode 100644 index 0000000000..eeaac26415 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22335-a6c0120a5e3a5bbc3b9dda268a826ec2.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22335-a6c0120a5e3a5bbc3b9dda268a826ec2 + +info: + name: > + Opencart Product in WP <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Opencart Product in WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/326707a9-5d37-4d26-a9d4-3b2db84289b9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22335 + metadata: + fofa-query: "wp-content/plugins/opencart-product-in-wp/" + google-query: inurl:"/wp-content/plugins/opencart-product-in-wp/" + shodan-query: 'vuln:CVE-2025-22335' + tags: cve,wordpress,wp-plugin,opencart-product-in-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opencart-product-in-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opencart-product-in-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22336-2f1af06286535ebb961b2eef1d0507b3.yaml b/nuclei-templates/2025/CVE-2025-22336-2f1af06286535ebb961b2eef1d0507b3.yaml new file mode 100644 index 0000000000..8665d7c686 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22336-2f1af06286535ebb961b2eef1d0507b3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22336-2f1af06286535ebb961b2eef1d0507b3 + +info: + name: > + Wizhi Multi Filters by Wenprise <= 1.8.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Wizhi Multi Filters by Wenprise plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62eb1ff6-8e98-4843-b697-21ce74e2aad8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22336 + metadata: + fofa-query: "wp-content/plugins/wizhi-multi-filters/" + google-query: inurl:"/wp-content/plugins/wizhi-multi-filters/" + shodan-query: 'vuln:CVE-2025-22336' + tags: cve,wordpress,wp-plugin,wizhi-multi-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wizhi-multi-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wizhi-multi-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22337-d073870bdff0d1311640b279eaf4a0b6.yaml b/nuclei-templates/2025/CVE-2025-22337-d073870bdff0d1311640b279eaf4a0b6.yaml new file mode 100644 index 0000000000..723ab503e0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22337-d073870bdff0d1311640b279eaf4a0b6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22337-d073870bdff0d1311640b279eaf4a0b6 + +info: + name: > + Order Audit Log for WooCommerce <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Order Audit Log for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bec97055-ebe1-4529-9f3b-db2745300f69?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22337 + metadata: + fofa-query: "wp-content/plugins/order-audit-log-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-audit-log-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-22337' + tags: cve,wordpress,wp-plugin,order-audit-log-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-audit-log-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-audit-log-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22338-98813a59342445afd5bb9c1c285727b7.yaml b/nuclei-templates/2025/CVE-2025-22338-98813a59342445afd5bb9c1c285727b7.yaml new file mode 100644 index 0000000000..0d7c071398 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22338-98813a59342445afd5bb9c1c285727b7.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22338-98813a59342445afd5bb9c1c285727b7 + +info: + name: > + WP-tagMaker <= 0.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP-tagMaker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/807f895e-8a1d-4bf3-87df-2c9a5af54267?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22338 + metadata: + fofa-query: "wp-content/plugins/tagmaker/" + google-query: inurl:"/wp-content/plugins/tagmaker/" + shodan-query: 'vuln:CVE-2025-22338' + tags: cve,wordpress,wp-plugin,tagmaker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tagmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tagmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.2') \ No newline at end of file 
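Review bot: The word matcher `- "tagmaker"` in the CVE-2025-22338 template is compared case-sensitively by default, while the plugin's display name in `name:` is spelled `WP-tagMaker`; if the readme only carries that spelling, the `and` condition fails and an affected install is missed. CVE-2025-22343 has the same shape (`wpsol` against `wpSOL`). Several other templates match on a slug that differs from the display name (`wp-map`, `bsk-gravityforms-blacklist`, `wp-auctions`), which only works if the readme happens to contain the directory name. I would add `case-insensitive: true` to the word matcher here, and for the slug-only cases match on a string the readme is known to contain.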
diff --git a/nuclei-templates/2025/CVE-2025-22339-800d720bfab3ae824d673b6261bcc4e8.yaml b/nuclei-templates/2025/CVE-2025-22339-800d720bfab3ae824d673b6261bcc4e8.yaml new file mode 100644 index 0000000000..f54c844a55 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22339-800d720bfab3ae824d673b6261bcc4e8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22339-800d720bfab3ae824d673b6261bcc4e8 + +info: + name: > + Store Commerce <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Store Commerce theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf37013e-872a-4582-b6b2-4335f2d9c818?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22339 + metadata: + fofa-query: "wp-content/themes/store-commerce/" + google-query: inurl:"/wp-content/themes/store-commerce/" + shodan-query: 'vuln:CVE-2025-22339' + tags: cve,wordpress,wp-theme,store-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/store-commerce/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "store-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22342-b208da29221a5836bf74e927c70eaf93.yaml b/nuclei-templates/2025/CVE-2025-22342-b208da29221a5836bf74e927c70eaf93.yaml new file mode 100644 index 0000000000..c2ecd8c65f --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22342-b208da29221a5836bf74e927c70eaf93.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22342-b208da29221a5836bf74e927c70eaf93 + +info: + name: > + WP Simple Sitemap <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Simple Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fedb49da-ac10-4ead-9ee1-38aa5fc3b5ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22342 + metadata: + fofa-query: "wp-content/plugins/wp-simple-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-simple-sitemap/" + shodan-query: 'vuln:CVE-2025-22342' + tags: cve,wordpress,wp-plugin,wp-simple-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22343-250b85dc22ffbec0a67e1508f6d942e9.yaml b/nuclei-templates/2025/CVE-2025-22343-250b85dc22ffbec0a67e1508f6d942e9.yaml new file mode 100644 index 0000000000..7a43742751 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22343-250b85dc22ffbec0a67e1508f6d942e9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22343-250b85dc22ffbec0a67e1508f6d942e9 + +info: + name: > + wpSOL <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The wpSOL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2326984b-8f2b-4922-8141-2fed0548101b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22343 + metadata: + fofa-query: "wp-content/plugins/wpsol/" + google-query: inurl:"/wp-content/plugins/wpsol/" + shodan-query: 'vuln:CVE-2025-22343' + tags: cve,wordpress,wp-plugin,wpsol,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsol/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsol" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22344-8841773cb6cbec72272d9dc0a0033d31.yaml b/nuclei-templates/2025/CVE-2025-22344-8841773cb6cbec72272d9dc0a0033d31.yaml new file mode 100644 index 0000000000..44d58d8f47 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22344-8841773cb6cbec72272d9dc0a0033d31.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22344-8841773cb6cbec72272d9dc0a0033d31 + +info: + name: > + Media Category Library <= 2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Media Category Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e3cb44c-ed14-42d5-9e26-0904978bd2a4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22344 + metadata: + fofa-query: "wp-content/plugins/media-category-library/" + google-query: inurl:"/wp-content/plugins/media-category-library/" + shodan-query: 'vuln:CVE-2025-22344' + tags: cve,wordpress,wp-plugin,media-category-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-category-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-category-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22345-cb7d98dec522def47ec289040db676f7.yaml b/nuclei-templates/2025/CVE-2025-22345-cb7d98dec522def47ec289040db676f7.yaml new file mode 100644 index 0000000000..8c066fcb62 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22345-cb7d98dec522def47ec289040db676f7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22345-cb7d98dec522def47ec289040db676f7 + +info: + name: > + TS Comfort DB <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The TS Comfort DB plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3511f952-d816-4c70-9966-1ee61e281ef6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22345 + metadata: + fofa-query: "wp-content/plugins/ts-comfort-database/" + google-query: inurl:"/wp-content/plugins/ts-comfort-database/" + shodan-query: 'vuln:CVE-2025-22345' + tags: cve,wordpress,wp-plugin,ts-comfort-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ts-comfort-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ts-comfort-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22346-245e9e78d10e02e340717ca1e7b75fbd.yaml b/nuclei-templates/2025/CVE-2025-22346-245e9e78d10e02e340717ca1e7b75fbd.yaml new file mode 100644 index 0000000000..04376a3b0d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22346-245e9e78d10e02e340717ca1e7b75fbd.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22346-245e9e78d10e02e340717ca1e7b75fbd + +info: + name: > + Course Migration for LearnDash <= 1.0.2 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + The Course Migration for LearnDash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/377e232b-1245-48ff-9f79-26a049e20063?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22346 + metadata: + fofa-query: "wp-content/plugins/course-migration-for-learndash/" + google-query: inurl:"/wp-content/plugins/course-migration-for-learndash/" + shodan-query: 'vuln:CVE-2025-22346' + tags: cve,wordpress,wp-plugin,course-migration-for-learndash,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/course-migration-for-learndash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "course-migration-for-learndash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22347-6c9bac55d7ec53166fea3d63397ec94b.yaml b/nuclei-templates/2025/CVE-2025-22347-6c9bac55d7ec53166fea3d63397ec94b.yaml new file mode 100644 index 0000000000..e0936c1ff3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22347-6c9bac55d7ec53166fea3d63397ec94b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22347-6c9bac55d7ec53166fea3d63397ec94b + +info: + name: > + BSK Forms Blacklist <= 3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The BSK Forms Blacklist plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9. This is due to missing or incorrect nonce validation on the do_bulk_action() function. This makes it possible for unauthenticated attackers to perform SQL Injection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bff60dda-30e2-4660-931e-4bb9acae0396?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L + cvss-score: 4.3 + cve-id: CVE-2025-22347 + metadata: + fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/" + google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/" + shodan-query: 'vuln:CVE-2025-22347' + tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-gravityforms-blacklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-gravityforms-blacklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file 
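Review bot: The `description` of the CVE-2025-22347 template says the forged request lets an attacker perform SQL Injection, but `cvss-metrics` scores `C:N/I:N/A:L` (4.3), i.e. no confidentiality or integrity impact. One of the two is presumably wrong or incomplete in the upstream feed, and whoever triages a hit will read the score first. I would check the referenced Wordfence entry and either correct the vector or add a comment above `classification:` noting that the score is taken as published and may understate the described impact.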
diff --git a/nuclei-templates/2025/CVE-2025-22348-359971505cafb6db6e168997ae92c21b.yaml b/nuclei-templates/2025/CVE-2025-22348-359971505cafb6db6e168997ae92c21b.yaml new file mode 100644 index 0000000000..fdc5d05afe --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22348-359971505cafb6db6e168997ae92c21b.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22348-359971505cafb6db6e168997ae92c21b
+
+info:
+ name: >
+ DynamicTags <= 1.4.0 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The DynamicTags plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e408c1b-6789-4e9c-95c2-89e0a033e6b8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22348
+ metadata:
+ fofa-query: "wp-content/plugins/dynamictags/"
+ google-query: inurl:"/wp-content/plugins/dynamictags/"
+ shodan-query: 'vuln:CVE-2025-22348'
+ tags: cve,wordpress,wp-plugin,dynamictags,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dynamictags/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dynamictags"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22349-fe5b9b55c21f8ae32ffd346d3e6e12b3.yaml b/nuclei-templates/2025/CVE-2025-22349-fe5b9b55c21f8ae32ffd346d3e6e12b3.yaml
new file mode 100644
index 0000000000..9153102d19
--- /dev/null
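Review bot: `severity: low` and the `low` tag in the CVE-2025-22348 template disagree with `cvss-score: 6.5` in the same `classification` block, which is Medium on the CVSS v3.1 rating scale, so a scan filtered or sorted by severity would under-rank this SQL injection. I would set `severity: medium` and `tags: cve,wordpress,wp-plugin,dynamictags,medium`, or, if the value is deliberately lowered because authentication is required, state that mapping in a comment next to `severity`. The same mismatch appears in the templates for CVE-2025-22349 through CVE-2025-22352 (`low` with 4.9), for CVE-2025-22354, CVE-2025-22362 and CVE-2025-22365 (`low` with 6.4), and in the other direction for CVE-2025-22363 (`high` with 5.3).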
+++ b/nuclei-templates/2025/CVE-2025-22349-fe5b9b55c21f8ae32ffd346d3e6e12b3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22349-fe5b9b55c21f8ae32ffd346d3e6e12b3
+
+info:
+ name: >
+ WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Auction Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd62935-f865-43ff-b727-f17b6fc5976d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22349
+ metadata:
+ fofa-query: "wp-content/plugins/wp-auctions/"
+ google-query: inurl:"/wp-content/plugins/wp-auctions/"
+ shodan-query: 'vuln:CVE-2025-22349'
+ tags: cve,wordpress,wp-plugin,wp-auctions,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-auctions/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-auctions"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.7')
\ No newline at end of file
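Review bot: `redirects: true` with `max-redirects: 3` follows a redirect to any host, so the 200 status and the body the matchers inspect may come from a different server than `{{BaseURL}}`, and the finding would then be attributed to the wrong target. Restricting the request to same-host redirects, `host-redirects: true` in place of `redirects: true`, keeps the readme.txt check on the scanned host. If cross-host redirects must be followed (for example to a `www.` name), a comment on the request should say that a match may reflect the redirect target. Every template added in this diff uses the same request block.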
diff --git a/nuclei-templates/2025/CVE-2025-22350-7d1854cb243960d9dfcff31e2e997f7d.yaml b/nuclei-templates/2025/CVE-2025-22350-7d1854cb243960d9dfcff31e2e997f7d.yaml
new file mode 100644
index 0000000000..e0996ac662
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22350-7d1854cb243960d9dfcff31e2e997f7d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22350-7d1854cb243960d9dfcff31e2e997f7d
+
+info:
+ name: >
+ Ultimate Learning Pro <= 3.9 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Ultimate Learning Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c49fa36-f572-4e04-8f92-742af0e93f00?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22350
+ metadata:
+ fofa-query: "wp-content/plugins/indeed-learning-pro/"
+ google-query: inurl:"/wp-content/plugins/indeed-learning-pro/"
+ shodan-query: 'vuln:CVE-2025-22350'
+ tags: cve,wordpress,wp-plugin,indeed-learning-pro,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/indeed-learning-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "indeed-learning-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22351-8f12c2ff0290f73759b5a9c5dca50d00.yaml b/nuclei-templates/2025/CVE-2025-22351-8f12c2ff0290f73759b5a9c5dca50d00.yaml
new file mode 100644
index 0000000000..09eb77a078
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22351-8f12c2ff0290f73759b5a9c5dca50d00.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22351-8f12c2ff0290f73759b5a9c5dca50d00
+
+info:
+ name: >
+ Contact Form 7 Database – CFDB7 <= 1.0.0 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Contact Form 7 Database – CFDB7 plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/059e358d-422d-48e8-a11e-fed52770f4d9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22351
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-cf7-database/"
+ google-query: inurl:"/wp-content/plugins/advanced-cf7-database/"
+ shodan-query: 'vuln:CVE-2025-22351'
+ tags: cve,wordpress,wp-plugin,advanced-cf7-database,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-cf7-database/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-cf7-database"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22352-4fd95a54f292755ebe49b5abf7663895.yaml b/nuclei-templates/2025/CVE-2025-22352-4fd95a54f292755ebe49b5abf7663895.yaml
new file mode 100644
index 0000000000..c0619ddda2
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22352-4fd95a54f292755ebe49b5abf7663895.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22352-4fd95a54f292755ebe49b5abf7663895
+
+info:
+ name: >
+ ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.8 - Authenticated (Shop manager+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c3194de-5330-48d2-9d5f-c5772b756ee2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22352
+ metadata:
+ fofa-query: "wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/"
+ google-query: inurl:"/wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/"
+ shodan-query: 'vuln:CVE-2025-22352'
+ tags: cve,wordpress,wp-plugin,elex-bulk-edit-products-prices-attributes-for-woocommerce-basic,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elex-bulk-edit-products-prices-attributes-for-woocommerce-basic"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22353-8a154d0833786663c21659a2a4bcf3c0.yaml b/nuclei-templates/2025/CVE-2025-22353-8a154d0833786663c21659a2a4bcf3c0.yaml
new file mode 100644
index 0000000000..28056e1598
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22353-8a154d0833786663c21659a2a4bcf3c0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22353-8a154d0833786663c21659a2a4bcf3c0
+
+info:
+ name: >
+ BVD Easy Gallery Manager <= 1.0.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The BVD Easy Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/22716408-8015-4ada-965b-4941a4b0e38c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22353
+ metadata:
+ fofa-query: "wp-content/plugins/bvd-easy-gallery-manager/"
+ google-query: inurl:"/wp-content/plugins/bvd-easy-gallery-manager/"
+ shodan-query: 'vuln:CVE-2025-22353'
+ tags: cve,wordpress,wp-plugin,bvd-easy-gallery-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bvd-easy-gallery-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bvd-easy-gallery-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22354-ac82317b1324e0442206e1c88cc799d8.yaml b/nuclei-templates/2025/CVE-2025-22354-ac82317b1324e0442206e1c88cc799d8.yaml
new file mode 100644
index 0000000000..a06e369a47
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22354-ac82317b1324e0442206e1c88cc799d8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22354-ac82317b1324e0442206e1c88cc799d8
+
+info:
+ name: >
+ Digi Store <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Digi Store theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f2435fd-ccd5-4e51-89d7-98cddafac3fd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22354
+ metadata:
+ fofa-query: "wp-content/themes/digi-store/"
+ google-query: inurl:"/wp-content/themes/digi-store/"
+ shodan-query: 'vuln:CVE-2025-22354'
+ tags: cve,wordpress,wp-theme,digi-store,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/digi-store/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "digi-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22355-97192034ca3b1c169611ce631578c34a.yaml b/nuclei-templates/2025/CVE-2025-22355-97192034ca3b1c169611ce631578c34a.yaml
new file mode 100644
index 0000000000..15b0c0711d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22355-97192034ca3b1c169611ce631578c34a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22355-97192034ca3b1c169611ce631578c34a
+
+info:
+ name: >
+ Kikx Simple Post Author Filter <= 1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Kikx Simple Post Author Filter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c72daa83-afda-4999-b856-aba4d4118228?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22355
+ metadata:
+ fofa-query: "wp-content/plugins/sa-post-author-filter/"
+ google-query: inurl:"/wp-content/plugins/sa-post-author-filter/"
+ shodan-query: 'vuln:CVE-2025-22355'
+ tags: cve,wordpress,wp-plugin,sa-post-author-filter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sa-post-author-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sa-post-author-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22357-0c9a3140ad98c2b70484e1f17ae74c11.yaml b/nuclei-templates/2025/CVE-2025-22357-0c9a3140ad98c2b70484e1f17ae74c11.yaml
new file mode 100644
index 0000000000..179605afa4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22357-0c9a3140ad98c2b70484e1f17ae74c11.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22357-0c9a3140ad98c2b70484e1f17ae74c11
+
+info:
+ name: >
+ Target Notifications <= 1.1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Target Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dae7d642-98bd-42c8-a0d1-628402e620f1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22357
+ metadata:
+ fofa-query: "wp-content/plugins/target-notifications/"
+ google-query: inurl:"/wp-content/plugins/target-notifications/"
+ shodan-query: 'vuln:CVE-2025-22357'
+ tags: cve,wordpress,wp-plugin,target-notifications,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/target-notifications/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "target-notifications"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22358-366b8227e0be445851038ae8ad2e238d.yaml b/nuclei-templates/2025/CVE-2025-22358-366b8227e0be445851038ae8ad2e238d.yaml
new file mode 100644
index 0000000000..9b914668dd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22358-366b8227e0be445851038ae8ad2e238d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22358-366b8227e0be445851038ae8ad2e238d
+
+info:
+ name: >
+ Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Wp advertising management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3300568-4197-4cff-a6f0-696c6d4df075?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22358
+ metadata:
+ fofa-query: "wp-content/plugins/advertising-management/"
+ google-query: inurl:"/wp-content/plugins/advertising-management/"
+ shodan-query: 'vuln:CVE-2025-22358'
+ tags: cve,wordpress,wp-plugin,advertising-management,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advertising-management/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advertising-management"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22359-334420b7582cf762ade65ac5480a462a.yaml b/nuclei-templates/2025/CVE-2025-22359-334420b7582cf762ade65ac5480a462a.yaml
new file mode 100644
index 0000000000..6296e26c91
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22359-334420b7582cf762ade65ac5480a462a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22359-334420b7582cf762ade65ac5480a462a
+
+info:
+ name: >
+ SyncFields <= 2.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The SyncFields plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec52096-27c8-4c42-bc89-4aef8239ec6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22359
+ metadata:
+ fofa-query: "wp-content/plugins/syncfields/"
+ google-query: inurl:"/wp-content/plugins/syncfields/"
+ shodan-query: 'vuln:CVE-2025-22359'
+ tags: cve,wordpress,wp-plugin,syncfields,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/syncfields/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "syncfields"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22361-2ab82bd31a0b6390b821d8eb17cf9b83.yaml b/nuclei-templates/2025/CVE-2025-22361-2ab82bd31a0b6390b821d8eb17cf9b83.yaml
new file mode 100644
index 0000000000..d53a6a4a33
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22361-2ab82bd31a0b6390b821d8eb17cf9b83.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22361-2ab82bd31a0b6390b821d8eb17cf9b83
+
+info:
+ name: >
+ Opentracker Analytics <= 1.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Opentracker Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1d571a0-5db2-4132-9b6c-9ffead418776?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22361
+ metadata:
+ fofa-query: "wp-content/plugins/opentracker-analytics/"
+ google-query: inurl:"/wp-content/plugins/opentracker-analytics/"
+ shodan-query: 'vuln:CVE-2025-22361'
+ tags: cve,wordpress,wp-plugin,opentracker-analytics,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/opentracker-analytics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "opentracker-analytics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22362-56dbd67b11587a7b2220c43ee12d48b2.yaml b/nuclei-templates/2025/CVE-2025-22362-56dbd67b11587a7b2220c43ee12d48b2.yaml
new file mode 100644
index 0000000000..0ebc5f4f32
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22362-56dbd67b11587a7b2220c43ee12d48b2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22362-56dbd67b11587a7b2220c43ee12d48b2
+
+info:
+ name: >
+ WPAchievements Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WPAchievements Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/79ed2c2b-5d76-4202-ac8a-d1813a57dcec?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22362
+ metadata:
+ fofa-query: "wp-content/plugins/wpachievements-free/"
+ google-query: inurl:"/wp-content/plugins/wpachievements-free/"
+ shodan-query: 'vuln:CVE-2025-22362'
+ tags: cve,wordpress,wp-plugin,wpachievements-free,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpachievements-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpachievements-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22363-c2266dc2ca222e98ec33943303b0d301.yaml b/nuclei-templates/2025/CVE-2025-22363-c2266dc2ca222e98ec33943303b0d301.yaml
new file mode 100644
index 0000000000..0187eb84fc
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22363-c2266dc2ca222e98ec33943303b0d301.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22363-c2266dc2ca222e98ec33943303b0d301
+
+info:
+ name: >
+ Allada T-shirt Designer for Woocommerce <= 1.1 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Allada T-shirt Designer for Woocommerce – Custom Product Designer for T-shirt personalization and design plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3075193-41ae-4e3d-acf7-b94105b67456?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-22363
+ metadata:
+ fofa-query: "wp-content/plugins/allada-tshirt-designer-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/allada-tshirt-designer-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2025-22363'
+ tags: cve,wordpress,wp-plugin,allada-tshirt-designer-for-woocommerce,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/allada-tshirt-designer-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "allada-tshirt-designer-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22364-5705a9fdd4e1efa04d340bfbb1d86bce.yaml b/nuclei-templates/2025/CVE-2025-22364-5705a9fdd4e1efa04d340bfbb1d86bce.yaml
new file mode 100644
index 0000000000..edd951fd5f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22364-5705a9fdd4e1efa04d340bfbb1d86bce.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22364-5705a9fdd4e1efa04d340bfbb1d86bce
+
+info:
+ name: >
+ Ach Invoice App <= 1.0.1 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The Ach Invoice App plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/da44b8d8-3f3f-4791-9f45-dee5e60f9bcc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-22364
+ metadata:
+ fofa-query: "wp-content/plugins/ach-invoice-app/"
+ google-query: inurl:"/wp-content/plugins/ach-invoice-app/"
+ shodan-query: 'vuln:CVE-2025-22364'
+ tags: cve,wordpress,wp-plugin,ach-invoice-app,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ach-invoice-app/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ach-invoice-app"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22365-1160694039543ff65d9503a1203238cd.yaml b/nuclei-templates/2025/CVE-2025-22365-1160694039543ff65d9503a1203238cd.yaml
new file mode 100644
index 0000000000..d636473e91
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22365-1160694039543ff65d9503a1203238cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22365-1160694039543ff65d9503a1203238cd
+
+info:
+ name: >
+ EMC2 Alert Boxes <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The EMC2 Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/462060ec-1661-4807-8e64-fa624ba2cc98?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22365
+ metadata:
+ fofa-query: "wp-content/plugins/emc2-alert-boxes/"
+ google-query: inurl:"/wp-content/plugins/emc2-alert-boxes/"
+ shodan-query: 'vuln:CVE-2025-22365'
+ tags: cve,wordpress,wp-plugin,emc2-alert-boxes,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/emc2-alert-boxes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "emc2-alert-boxes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22498-3f0b3d7ea1f268f160c2fbf27a97cd0c.yaml b/nuclei-templates/2025/CVE-2025-22498-3f0b3d7ea1f268f160c2fbf27a97cd0c.yaml
new file mode 100644
index 0000000000..33f98bce14
--- /dev/null
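Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4`, which falls in the Medium band of CVSS v3.1, so anyone filtering scans by severity will triage this finding below its published score. If the lower rating is a deliberate down-weighting of authenticated issues, a comment above the field should say so, e.g. `# severity lowered from CVSS 6.4: requires contributor login`; otherwise use `severity: medium`. The same mismatch appears in the templates for CVE-2025-22500, -22502, -22505, -22507, -22510 (score 7.2), -22511, -22515, -22516 and -22517, and in the opposite direction in CVE-2025-22512 (`severity: high` with `cvss-score: 5.3`).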
+++ b/nuclei-templates/2025/CVE-2025-22498-3f0b3d7ea1f268f160c2fbf27a97cd0c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22498-3f0b3d7ea1f268f160c2fbf27a97cd0c
+
+info:
+ name: >
+ LucidLMS <= 1.0.5 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The LucidLMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a914802-0cda-4038-8828-81fd74090801?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22498
+ metadata:
+ fofa-query: "wp-content/plugins/lucidlms/"
+ google-query: inurl:"/wp-content/plugins/lucidlms/"
+ shodan-query: 'vuln:CVE-2025-22498'
+ tags: cve,wordpress,wp-plugin,lucidlms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lucidlms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lucidlms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22499-8d084851e1e92c06cef40a7eec9c10b5.yaml b/nuclei-templates/2025/CVE-2025-22499-8d084851e1e92c06cef40a7eec9c10b5.yaml
new file mode 100644
index 0000000000..2d7aef36c5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22499-8d084851e1e92c06cef40a7eec9c10b5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22499-8d084851e1e92c06cef40a7eec9c10b5
+
+info:
+ name: >
+ F4 Post Tree <= 1.1.18 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The F4 Post Tree plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52842812-d7c5-4244-b1ee-cf6197a75c4e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22499
+ metadata:
+ fofa-query: "wp-content/plugins/f4-tree/"
+ google-query: inurl:"/wp-content/plugins/f4-tree/"
+ shodan-query: 'vuln:CVE-2025-22499'
+ tags: cve,wordpress,wp-plugin,f4-tree,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/f4-tree/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "f4-tree"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.18')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22500-a523c5c72f2dc217c95eae63448c96e3.yaml b/nuclei-templates/2025/CVE-2025-22500-a523c5c72f2dc217c95eae63448c96e3.yaml
new file mode 100644
index 0000000000..c8ba9e8a18
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22500-a523c5c72f2dc217c95eae63448c96e3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22500-a523c5c72f2dc217c95eae63448c96e3
+
+info:
+ name: >
+ Alpha Price Table For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Alpha Price Table For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/78c6b9c0-c503-4486-8102-92dbd34ad9c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22500
+ metadata:
+ fofa-query: "wp-content/plugins/alpha-price-table-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/alpha-price-table-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22500'
+ tags: cve,wordpress,wp-plugin,alpha-price-table-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/alpha-price-table-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "alpha-price-table-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22502-96e77b1a8763bab167164baaab428e7f.yaml b/nuclei-templates/2025/CVE-2025-22502-96e77b1a8763bab167164baaab428e7f.yaml
new file mode 100644
index 0000000000..999b507bdb
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22502-96e77b1a8763bab167164baaab428e7f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22502-96e77b1a8763bab167164baaab428e7f
+
+info:
+ name: >
+ MindValley Super PageMash <= 1.1 - Authenticated (Editor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The MindValley Super PageMash plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/60d7a5c1-7006-412d-897f-16c3105c20c4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22502
+ metadata:
+ fofa-query: "wp-content/plugins/mindvalley-pagemash/"
+ google-query: inurl:"/wp-content/plugins/mindvalley-pagemash/"
+ shodan-query: 'vuln:CVE-2025-22502'
+ tags: cve,wordpress,wp-plugin,mindvalley-pagemash,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mindvalley-pagemash/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mindvalley-pagemash"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22503-c7f0309e41fdf5925efc93401b34f823.yaml b/nuclei-templates/2025/CVE-2025-22503-c7f0309e41fdf5925efc93401b34f823.yaml
new file mode 100644
index 0000000000..0097e065f3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22503-c7f0309e41fdf5925efc93401b34f823.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22503-c7f0309e41fdf5925efc93401b34f823
+
+info:
+ name: >
+ Admin debug wordpress – enable debug <= 1.0.13 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Admin debug wordpress – enable debug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation on afunction. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b315119-8fd8-4709-8907-b584877c0cfe?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22503
+ metadata:
+ fofa-query: "wp-content/plugins/dzs-enable-debug/"
+ google-query: inurl:"/wp-content/plugins/dzs-enable-debug/"
+ shodan-query: 'vuln:CVE-2025-22503'
+ tags: cve,wordpress,wp-plugin,dzs-enable-debug,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dzs-enable-debug/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dzs-enable-debug"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.13')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22504-8bf2d17a883663cf41b268bb4d8d7aa1.yaml b/nuclei-templates/2025/CVE-2025-22504-8bf2d17a883663cf41b268bb4d8d7aa1.yaml
new file mode 100644
index 0000000000..ed168eae3a
--- /dev/null
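Review bot: The description reads `nonce validation on afunction`, which looks like the advisory text lost a space or a function name when it was imported. Unless the affected function can be named from the advisory, the sentence should read `This is due to missing or incorrect nonce validation on a function.`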
+++ b/nuclei-templates/2025/CVE-2025-22504-8bf2d17a883663cf41b268bb4d8d7aa1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22504-8bf2d17a883663cf41b268bb4d8d7aa1
+
+info:
+ name: >
+ 4ECPS Web Forms <= 0.2.18 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+ The 4ECPS Web Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.2.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b771199e-937f-46d5-9906-4cbbbcd748cd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-22504
+ metadata:
+ fofa-query: "wp-content/plugins/4ecps-webforms/"
+ google-query: inurl:"/wp-content/plugins/4ecps-webforms/"
+ shodan-query: 'vuln:CVE-2025-22504'
+ tags: cve,wordpress,wp-plugin,4ecps-webforms,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/4ecps-webforms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "4ecps-webforms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.18')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22505-24152a2eba9cbbadb182327d95ff9930.yaml b/nuclei-templates/2025/CVE-2025-22505-24152a2eba9cbbadb182327d95ff9930.yaml
new file mode 100644
index 0000000000..362d3f90e5
--- /dev/null
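Review bot: The `critical` result rests only on the `Stable tag` line of readme.txt being `<= 0.2.18`; nothing in the request touches the upload handler, and the template does not say so. A readme that is blocked or stripped gives a false negative, and one left stale after a manual patch gives a false positive, so the finding means "vulnerable version appears installed", not "confirmed exploitable". I would add a comment above `http:` such as `# Version inference only: compares readme.txt Stable tag; does not test the upload endpoint.` The other templates in this diff use the same readme-only check.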
+++ b/nuclei-templates/2025/CVE-2025-22505-24152a2eba9cbbadb182327d95ff9930.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22505-24152a2eba9cbbadb182327d95ff9930
+
+info:
+ name: >
+ NC Wishlist for Woocommerce <= 1.0.1 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The NC Wishlist for Woocommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eec9afef-2d71-4aa6-9b51-5be1ba51b8a5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22505
+ metadata:
+ fofa-query: "wp-content/plugins/nc-wishlist-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/nc-wishlist-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2025-22505'
+ tags: cve,wordpress,wp-plugin,nc-wishlist-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nc-wishlist-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nc-wishlist-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22506-5a3f3fe3f289c44d374aeb28be21e479.yaml b/nuclei-templates/2025/CVE-2025-22506-5a3f3fe3f289c44d374aeb28be21e479.yaml
new file mode 100644
index 0000000000..6ed3e667f8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22506-5a3f3fe3f289c44d374aeb28be21e479.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22506-5a3f3fe3f289c44d374aeb28be21e479
+
+info:
+ name: >
+ Smart Agenda <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the smartagenda_options_page_html() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6401fca3-0e2b-4fb2-8f5e-ef64c2e4a1c8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22506
+ metadata:
+ fofa-query: "wp-content/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/"
+ google-query: inurl:"/wp-content/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/"
+ shodan-query: 'vuln:CVE-2025-22506'
+ tags: cve,wordpress,wp-plugin,smart-agenda-prise-de-rendez-vous-en-ligne,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smart-agenda-prise-de-rendez-vous-en-ligne"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22507-a24d35b9368d986cbce151bd2858e3f3.yaml b/nuclei-templates/2025/CVE-2025-22507-a24d35b9368d986cbce151bd2858e3f3.yaml
new file mode 100644
index 0000000000..5f164301aa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22507-a24d35b9368d986cbce151bd2858e3f3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22507-a24d35b9368d986cbce151bd2858e3f3
+
+info:
+ name: >
+ WPMU Prefill Post <= 1.02 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WPMU Prefill Post plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.02 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/013f6ad0-6ef1-44a1-9925-c60c61314f70?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22507
+ metadata:
+ fofa-query: "wp-content/plugins/wpmu-prefill-post/"
+ google-query: inurl:"/wp-content/plugins/wpmu-prefill-post/"
+ shodan-query: 'vuln:CVE-2025-22507'
+ tags: cve,wordpress,wp-plugin,wpmu-prefill-post,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpmu-prefill-post/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpmu-prefill-post"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.02')
\ No newline at end of file
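Review bot: The bound `'<= 1.02'` carries a leading zero, and the hunk does not show how `compare_versions` orders it against a `Stable tag` such as `1.1` or `1.10`. If components are compared numerically, `1.02` is treated as `1.2` and a later release numbered `1.1` would still match. This is worth confirming against the plugin's release history, with a comment next to the DSL line recording which version scheme the plugin uses.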
diff --git a/nuclei-templates/2025/CVE-2025-22508-e422d103103876288d6534c871c2f730.yaml b/nuclei-templates/2025/CVE-2025-22508-e422d103103876288d6534c871c2f730.yaml
new file mode 100644
index 0000000000..687a049494
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22508-e422d103103876288d6534c871c2f730.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22508-e422d103103876288d6534c871c2f730
+
+info:
+ name: >
+ FAT Event Lite <= 1.1 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The FAT Event Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca868ec4-9d28-4edd-b31c-a8546f9ced9e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-22508
+ metadata:
+ fofa-query: "wp-content/plugins/fat-event-lite/"
+ google-query: inurl:"/wp-content/plugins/fat-event-lite/"
+ shodan-query: 'vuln:CVE-2025-22508'
+ tags: cve,wordpress,wp-plugin,fat-event-lite,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fat-event-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fat-event-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22510-5c4768741e148c5b83c03e6291c1e021.yaml b/nuclei-templates/2025/CVE-2025-22510-5c4768741e148c5b83c03e6291c1e021.yaml
new file mode 100644
index 0000000000..3d968d6afa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22510-5c4768741e148c5b83c03e6291c1e021.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22510-5c4768741e148c5b83c03e6291c1e021
+
+info:
+ name: >
+ WC Price History for Omnibus <= 2.1.4 - Authenticated (Shop manager+) PHP Object Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WC Price History for Omnibus plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with shop manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4af0e984-896d-4938-a870-8a50644d4823?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2025-22510
+ metadata:
+ fofa-query: "wp-content/plugins/wc-price-history/"
+ google-query: inurl:"/wp-content/plugins/wc-price-history/"
+ shodan-query: 'vuln:CVE-2025-22510'
+ tags: cve,wordpress,wp-plugin,wc-price-history,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-price-history/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-price-history"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22511-4d68014cee2621b16bd2bf2b72d46424.yaml b/nuclei-templates/2025/CVE-2025-22511-4d68014cee2621b16bd2bf2b72d46424.yaml
new file mode 100644
index 0000000000..2fb8c45832
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22511-4d68014cee2621b16bd2bf2b72d46424.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22511-4d68014cee2621b16bd2bf2b72d46424
+
+info:
+ name: >
+ Slides & Presentations <= 0.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Slides & Presentations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/406ec4be-12de-45fa-861a-83d26d2ac401?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22511
+ metadata:
+ fofa-query: "wp-content/plugins/slide/"
+ google-query: inurl:"/wp-content/plugins/slide/"
+ shodan-query: 'vuln:CVE-2025-22511'
+ tags: cve,wordpress,wp-plugin,slide,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slide/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slide"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.39')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22512-071cdcdc72df5c47cc7fe8b117fc1ac7.yaml b/nuclei-templates/2025/CVE-2025-22512-071cdcdc72df5c47cc7fe8b117fc1ac7.yaml
new file mode 100644
index 0000000000..04275e8f65
--- /dev/null
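Review bot: The word matcher `"slide"` is too generic to tie the response to this plugin: any 200 body that contains the word and a `Stable tag` at or below 0.0.39 satisfies all three matchers. A token specific to the plugin would be safer, for instance the title taken from the `name` field, `- "Slides & Presentations"`, assuming the plugin's readme.txt carries that title. The longer slugs used by the other templates in this diff are less exposed to this.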
+++ b/nuclei-templates/2025/CVE-2025-22512-071cdcdc72df5c47cc7fe8b117fc1ac7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22512-071cdcdc72df5c47cc7fe8b117fc1ac7
+
+info:
+ name: >
+ Help Scout <= 6.5.4 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Help Scout plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/24b87f27-f2de-4e5f-95df-bb5719c9e790?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-22512
+ metadata:
+ fofa-query: "wp-content/plugins/help-scout/"
+ google-query: inurl:"/wp-content/plugins/help-scout/"
+ shodan-query: 'vuln:CVE-2025-22512'
+ tags: cve,wordpress,wp-plugin,help-scout,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/help-scout/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "help-scout"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22514-fc400f1f5c83a2421bdc06d775635908.yaml b/nuclei-templates/2025/CVE-2025-22514-fc400f1f5c83a2421bdc06d775635908.yaml
new file mode 100644
index 0000000000..160e1ee1be
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22514-fc400f1f5c83a2421bdc06d775635908.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22514-fc400f1f5c83a2421bdc06d775635908
+
+info:
+ name: >
+ KNR Author List Widget <= 3.1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The KNR Author List Widget plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b34db1a8-13ee-45dd-9d05-90410bc3604d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22514
+ metadata:
+ fofa-query: "wp-content/plugins/knr-author-list-widget/"
+ google-query: inurl:"/wp-content/plugins/knr-author-list-widget/"
+ shodan-query: 'vuln:CVE-2025-22514'
+ tags: cve,wordpress,wp-plugin,knr-author-list-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/knr-author-list-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "knr-author-list-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22515-bf3418448afae7bc133096c51ec5f253.yaml b/nuclei-templates/2025/CVE-2025-22515-bf3418448afae7bc133096c51ec5f253.yaml
new file mode 100644
index 0000000000..1695795ec4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22515-bf3418448afae7bc133096c51ec5f253.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22515-bf3418448afae7bc133096c51ec5f253
+
+info:
+ name: >
+ Show Google Analytics widget <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Show Google Analytics widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc010feb-52bc-4775-a011-c0415cf5821c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22515
+ metadata:
+ fofa-query: "wp-content/plugins/show-google-analytics-widget/"
+ google-query: inurl:"/wp-content/plugins/show-google-analytics-widget/"
+ shodan-query: 'vuln:CVE-2025-22515'
+ tags: cve,wordpress,wp-plugin,show-google-analytics-widget,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/show-google-analytics-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "show-google-analytics-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22516-33d7a381ac9c589f766768fd84e8a002.yaml b/nuclei-templates/2025/CVE-2025-22516-33d7a381ac9c589f766768fd84e8a002.yaml
new file mode 100644
index 0000000000..1c21ec093d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22516-33d7a381ac9c589f766768fd84e8a002.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-22516-33d7a381ac9c589f766768fd84e8a002 + +info: + name: > + Metadata SEO <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Metadata SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e933b71b-5212-4930-94ef-b4bbe8250bad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22516 + metadata: + fofa-query: "wp-content/plugins/metadata-seo/" + google-query: inurl:"/wp-content/plugins/metadata-seo/" + shodan-query: 'vuln:CVE-2025-22516' + tags: cve,wordpress,wp-plugin,metadata-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metadata-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metadata-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22517-15bf88dfc05e490a8c4ba16ba82ef47c.yaml b/nuclei-templates/2025/CVE-2025-22517-15bf88dfc05e490a8c4ba16ba82ef47c.yaml new file mode 100644 index 0000000000..523ede60b6 --- /dev/null 
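Review bot: The match rests only on the `Stable tag` line of `readme.txt`, so a hit means the site advertises an affected version, not that the stored XSS was confirmed. The stable tag is maintained by hand and may differ from the installed code. A value that `([0-9.]+)` cannot capture leaves `version` unset, in which case the dsl matcher presumably never fires, so the result can be wrong in either direction. I would state this above the `http:` block, e.g. `# Version fingerprint from readme.txt only; confirm the installed plugin version before acting on a hit.` The same applies to every template added in this diff, since they share the request, extractors and matchers.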
+++ b/nuclei-templates/2025/CVE-2025-22517-15bf88dfc05e490a8c4ba16ba82ef47c.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22517-15bf88dfc05e490a8c4ba16ba82ef47c + +info: + name: > + List Pages at Depth <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The List Pages at Depth plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0cd80c-8bad-46c3-9964-cdacfd4144bd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22517 + metadata: + fofa-query: "wp-content/plugins/list-pages-at-depth/" + google-query: inurl:"/wp-content/plugins/list-pages-at-depth/" + shodan-query: 'vuln:CVE-2025-22517' + tags: cve,wordpress,wp-plugin,list-pages-at-depth,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-pages-at-depth/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-pages-at-depth" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22518-96dfd223ab8bb3b27a25fd4dba2cf5b4.yaml b/nuclei-templates/2025/CVE-2025-22518-96dfd223ab8bb3b27a25fd4dba2cf5b4.yaml new file mode 100644 index 0000000000..a2fd76a2a5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22518-96dfd223ab8bb3b27a25fd4dba2cf5b4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22518-96dfd223ab8bb3b27a25fd4dba2cf5b4 + +info: + name: > + Justified Image Gallery <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Justified Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95cb355f-0f3a-4eb1-b218-e6b0c457d0e7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22518 + metadata: + fofa-query: "wp-content/plugins/justified-image-gallery/" + google-query: inurl:"/wp-content/plugins/justified-image-gallery/" + shodan-query: 'vuln:CVE-2025-22518' + tags: cve,wordpress,wp-plugin,justified-image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/justified-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "justified-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22519-5f0c4a59d3ab4c6003212a001d126e1b.yaml b/nuclei-templates/2025/CVE-2025-22519-5f0c4a59d3ab4c6003212a001d126e1b.yaml new file mode 100644 index 0000000000..5bfee2847e 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22519-5f0c4a59d3ab4c6003212a001d126e1b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22519-5f0c4a59d3ab4c6003212a001d126e1b + +info: + name: > + eDoc Easy Tables <= 1.29 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The eDoc Easy Tables plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a109434-4e52-4823-8c5b-d755cb7cbdf9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-22519 + metadata: + fofa-query: "wp-content/plugins/edoc-easy-tables/" + google-query: inurl:"/wp-content/plugins/edoc-easy-tables/" + shodan-query: 'vuln:CVE-2025-22519' + tags: cve,wordpress,wp-plugin,edoc-easy-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edoc-easy-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edoc-easy-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29') \ No newline at end of file 
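Review bot: `redirects: true` with `max-redirects: 3` allows the request to be redirected to a different host, and the status, word and version matchers are then evaluated against that host's response. A finding could therefore be recorded against a target that never served this readme itself. Nuclei's `host-redirects: true` keeps redirect following on the original host, and I would use it here in place of `redirects: true`. The same request block is repeated in the other templates in this diff.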
diff --git a/nuclei-templates/2025/CVE-2025-22520-e199b1febc3d0e4b83eedd56c5c3bf71.yaml b/nuclei-templates/2025/CVE-2025-22520-e199b1febc3d0e4b83eedd56c5c3bf71.yaml new file mode 100644 index 0000000000..406f02c5e5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22520-e199b1febc3d0e4b83eedd56c5c3bf71.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22520-e199b1febc3d0e4b83eedd56c5c3bf71 + +info: + name: > + Tock Widget <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Tock Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation in the /includes/tock-admin-page.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/287d02ba-9cf0-446a-9393-036bd42b7aef?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22520 + metadata: + fofa-query: "wp-content/plugins/tock-widget/" + google-query: inurl:"/wp-content/plugins/tock-widget/" + shodan-query: 'vuln:CVE-2025-22520' + tags: cve,wordpress,wp-plugin,tock-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tock-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tock-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22521-bdfa960cc1ab8f15fbef20a1c898f292.yaml b/nuclei-templates/2025/CVE-2025-22521-bdfa960cc1ab8f15fbef20a1c898f292.yaml new file mode 100644 index 0000000000..aeb1ddf829 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22521-bdfa960cc1ab8f15fbef20a1c898f292.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22521-bdfa960cc1ab8f15fbef20a1c898f292 + +info: + name: > + wp Hosting Performance Check <= 2.18.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The wp Hosting Performance Check plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.18.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42aa17f0-9c97-407f-8fbf-3c25794ac750?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22521 + metadata: + fofa-query: "wp-content/plugins/wp-hosting-performance-check/" + google-query: inurl:"/wp-content/plugins/wp-hosting-performance-check/" + shodan-query: 'vuln:CVE-2025-22521' + tags: cve,wordpress,wp-plugin,wp-hosting-performance-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hosting-performance-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hosting-performance-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22522-88bb1b739c558e5f2e0190ef7a42b19b.yaml b/nuclei-templates/2025/CVE-2025-22522-88bb1b739c558e5f2e0190ef7a42b19b.yaml new file mode 100644 index 0000000000..301b7c3dc1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22522-88bb1b739c558e5f2e0190ef7a42b19b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22522-88bb1b739c558e5f2e0190ef7a42b19b + +info: + name: > + SingSong <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The SingSong plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5537c46d-1df3-4d24-b1c0-851c22c6ae79?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22522 + metadata: + fofa-query: "wp-content/plugins/singsong/" + google-query: inurl:"/wp-content/plugins/singsong/" + shodan-query: 'vuln:CVE-2025-22522' + tags: cve,wordpress,wp-plugin,singsong,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/singsong/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "singsong" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22524-020d705cc2086f036911e970b520d9f6.yaml b/nuclei-templates/2025/CVE-2025-22524-020d705cc2086f036911e970b520d9f6.yaml new file mode 100644 index 0000000000..c707133cad --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22524-020d705cc2086f036911e970b520d9f6.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22524-020d705cc2086f036911e970b520d9f6 + +info: + name: > + formafzar <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The فرم ساز فرم افزار plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5fdadc-9229-45d4-b6cb-2fb81b39f31e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22524 + metadata: + fofa-query: "wp-content/plugins/formafzar/" + google-query: inurl:"/wp-content/plugins/formafzar/" + shodan-query: 'vuln:CVE-2025-22524' + tags: cve,wordpress,wp-plugin,formafzar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formafzar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formafzar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22525-204e40a5dc1aaea97e6e6d22a931da68.yaml b/nuclei-templates/2025/CVE-2025-22525-204e40a5dc1aaea97e6e6d22a931da68.yaml new file mode 100644 index 0000000000..d4ed3a4d18 --- /dev/null 
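Review bot: The word matcher requires the literal slug `formafzar` in the response body, but the description gives the plugin's name in Persian, so the readme may not contain the Latin slug at all. Under `matchers-condition: and` that would make the template a silent false negative. The request path already pins the plugin directory, so I would replace the word with the marker the extractor depends on anyway, `- "Stable tag:"`. The template for CVE-2025-22530 (`iamport-payment`, Korean display name) looks to carry the same risk. Separately, `name` uses the slug while `description` uses the display name, which makes the two hard to correlate in reports.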
+++ b/nuclei-templates/2025/CVE-2025-22525-204e40a5dc1aaea97e6e6d22a931da68.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22525-204e40a5dc1aaea97e6e6d22a931da68 + +info: + name: > + Donation Block For PayPal <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Donation Block For PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/240bf16c-2535-45ae-939b-e288225a3082?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22525 + metadata: + fofa-query: "wp-content/plugins/donations-block/" + google-query: inurl:"/wp-content/plugins/donations-block/" + shodan-query: 'vuln:CVE-2025-22525' + tags: cve,wordpress,wp-plugin,donations-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donations-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donations-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22527-730c8f514159f99aa490369d2ad23a33.yaml b/nuclei-templates/2025/CVE-2025-22527-730c8f514159f99aa490369d2ad23a33.yaml new file mode 100644 index 0000000000..b1ccc0aaed --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22527-730c8f514159f99aa490369d2ad23a33.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22527-730c8f514159f99aa490369d2ad23a33 + +info: + name: > + Mailing Group Listserv <= 2.0.9 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The Mailing Group Listserv plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07dc60e0-a0b4-4db6-8033-ebd01fb697d0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-22527 + metadata: + fofa-query: "wp-content/plugins/wp-mailing-group/" + google-query: inurl:"/wp-content/plugins/wp-mailing-group/" + shodan-query: 'vuln:CVE-2025-22527' + tags: cve,wordpress,wp-plugin,wp-mailing-group,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailing-group/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailing-group" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22528-b0eb8b1a36511aafc940ebcbf0c149ee.yaml b/nuclei-templates/2025/CVE-2025-22528-b0eb8b1a36511aafc940ebcbf0c149ee.yaml new file mode 100644 index 0000000000..9ce89bef9c --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22528-b0eb8b1a36511aafc940ebcbf0c149ee.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22528-b0eb8b1a36511aafc940ebcbf0c149ee + +info: + name: > + Huurkalender WP <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Huurkalender WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a1ee5da-4e15-427a-96bc-0d1a015cdb17?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22528 + metadata: + fofa-query: "wp-content/plugins/huurkalender-wp/" + google-query: inurl:"/wp-content/plugins/huurkalender-wp/" + shodan-query: 'vuln:CVE-2025-22528' + tags: cve,wordpress,wp-plugin,huurkalender-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/huurkalender-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "huurkalender-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22529-a3c542f70163b55af4118cf89c499fb2.yaml b/nuclei-templates/2025/CVE-2025-22529-a3c542f70163b55af4118cf89c499fb2.yaml new file mode 100644 index 0000000000..ea8b742f3c --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22529-a3c542f70163b55af4118cf89c499fb2.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22529-a3c542f70163b55af4118cf89c499fb2 + +info: + name: > + WE Blocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WE Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f742dc8a-530b-41e6-ac82-52770952f619?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22529 + metadata: + fofa-query: "wp-content/plugins/we-blocks/" + google-query: inurl:"/wp-content/plugins/we-blocks/" + shodan-query: 'vuln:CVE-2025-22529' + tags: cve,wordpress,wp-plugin,we-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/we-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "we-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22530-9e541e850ddc48a481853a7d0a0aa86d.yaml b/nuclei-templates/2025/CVE-2025-22530-9e541e850ddc48a481853a7d0a0aa86d.yaml new file mode 100644 index 0000000000..5b46520b5d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22530-9e541e850ddc48a481853a7d0a0aa86d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22530-9e541e850ddc48a481853a7d0a0aa86d + +info: + name: > + 아임포트 결제버튼 생성 플러그인 <= 1.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The 아임포트 결제버튼 생성 플러그인 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba673c8-694f-4ae7-96cb-3624e3cc0ed2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22530 + metadata: + fofa-query: "wp-content/plugins/iamport-payment/" + google-query: inurl:"/wp-content/plugins/iamport-payment/" + shodan-query: 'vuln:CVE-2025-22530' + tags: cve,wordpress,wp-plugin,iamport-payment,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iamport-payment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iamport-payment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.19') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22531-2382276cece12cfd50cf1626482393f2.yaml b/nuclei-templates/2025/CVE-2025-22531-2382276cece12cfd50cf1626482393f2.yaml new file mode 100644 index 0000000000..993aa1e340 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22531-2382276cece12cfd50cf1626482393f2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22531-2382276cece12cfd50cf1626482393f2 + +info: + name: > + Urdu Formatter – Shamil <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Urdu Formatter – Shamil plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e3e698e-0f98-43ca-b4c1-d45fe3c9b284?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22531 + metadata: + fofa-query: "wp-content/plugins/urdu-formatter-shamil/" + google-query: inurl:"/wp-content/plugins/urdu-formatter-shamil/" + shodan-query: 'vuln:CVE-2025-22531' + tags: cve,wordpress,wp-plugin,urdu-formatter-shamil,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/urdu-formatter-shamil/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "urdu-formatter-shamil" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22532-fe42491cd4a9482d5eb6bdde865fefe5.yaml b/nuclei-templates/2025/CVE-2025-22532-fe42491cd4a9482d5eb6bdde865fefe5.yaml new file mode 100644 index 0000000000..0fa1780ab5 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22532-fe42491cd4a9482d5eb6bdde865fefe5.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22532-fe42491cd4a9482d5eb6bdde865fefe5 + +info: + name: > + Simple Photo Sphere <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Simple Photo Sphere plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/063f47f5-277c-420e-b080-fd4908468848?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22532 + metadata: + fofa-query: "wp-content/plugins/simple-photo-sphere/" + google-query: inurl:"/wp-content/plugins/simple-photo-sphere/" + shodan-query: 'vuln:CVE-2025-22532' + tags: cve,wordpress,wp-plugin,simple-photo-sphere,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-photo-sphere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-photo-sphere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.10') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22533-38460c67efb7e17b651cb5754982c671.yaml b/nuclei-templates/2025/CVE-2025-22533-38460c67efb7e17b651cb5754982c671.yaml new file mode 100644 index 0000000000..ef512d33bd --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22533-38460c67efb7e17b651cb5754982c671.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22533-38460c67efb7e17b651cb5754982c671
+
+info:
+ name: >
+ WOOEXIM <= 5.0.0 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WOOEXIM plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa5a20e-d3e9-4def-be50-89f5310211f7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22533
+ metadata:
+ fofa-query: "wp-content/plugins/wooexim/"
+ google-query: inurl:"/wp-content/plugins/wooexim/"
+ shodan-query: 'vuln:CVE-2025-22533'
+ tags: cve,wordpress,wp-plugin,wooexim,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wooexim/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wooexim"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22534-d5d316ef9eddc7fe335f9e2f579b3451.yaml b/nuclei-templates/2025/CVE-2025-22534-d5d316ef9eddc7fe335f9e2f579b3451.yaml
new file mode 100644
index 0000000000..2b7a88e0c7
--- /dev/null
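Review bot: The word matcher looks for the lowercase slug `"wooexim"` in the readme body, while the plugin's name as written in `info.name` is `WOOEXIM`; word matching is case-sensitive unless told otherwise, so a readme that only spells the name in capitals fails the `and` condition and an affected install goes unreported. Whether the readme also contains the lowercase slug cannot be seen from this diff. Adding `case-insensitive: true` to that matcher removes the dependency. The other templates in this commit match on the slug in the same way.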
+++ b/nuclei-templates/2025/CVE-2025-22534-d5d316ef9eddc7fe335f9e2f579b3451.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22534-d5d316ef9eddc7fe335f9e2f579b3451
+
+info:
+ name: >
+ Slides & Presentations <= 0.0.39 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Slides & Presentations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.0.39. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6314f5ce-4f19-4b04-b9d9-15874e792208?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22534
+ metadata:
+ fofa-query: "wp-content/plugins/slide/"
+ google-query: inurl:"/wp-content/plugins/slide/"
+ shodan-query: 'vuln:CVE-2025-22534'
+ tags: cve,wordpress,wp-plugin,slide,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slide/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slide"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.39')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22535-5a6e63e96d98f56d2dea76ebb1547639.yaml b/nuclei-templates/2025/CVE-2025-22535-5a6e63e96d98f56d2dea76ebb1547639.yaml
new file mode 100644
index 0000000000..a5cc7d2d58
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22535-5a6e63e96d98f56d2dea76ebb1547639.yaml
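Review bot: The word matcher `"slide"` gives almost no assurance that the response is this plugin's readme, because the string is a common English word and is also part of the requested path, which an error or catch-all page may echo back. Any 200 response that contains "slide" and a `Stable tag:` line in the affected range satisfies all three matchers, including the readme of an unrelated slider plugin reached through a redirect. Matching on the readme's title line would tie the result to this plugin, for example `- "=== Slides & Presentations"`, assuming the readme header is written that way, which this diff does not show.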
@@ -0,0 +1,59 @@
+id: CVE-2025-22535-5a6e63e96d98f56d2dea76ebb1547639
+
+info:
+ name: >
+ WPListCal <= 1.3.5 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WPListCal plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fdfbc46-3e8e-4db1-8778-d46121168d93?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22535
+ metadata:
+ fofa-query: "wp-content/plugins/wplistcal/"
+ google-query: inurl:"/wp-content/plugins/wplistcal/"
+ shodan-query: 'vuln:CVE-2025-22535'
+ tags: cve,wordpress,wp-plugin,wplistcal,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wplistcal/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wplistcal"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22536-2234102d11b82d77a75c550a65280364.yaml b/nuclei-templates/2025/CVE-2025-22536-2234102d11b82d77a75c550a65280364.yaml
new file mode 100644
index 0000000000..88248ea5d6
--- /dev/null
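Review bot: Nothing in the template tells the operator that the finding is inferred from a version string alone: the only request is a GET for `readme.txt` and the match rests on `compare_versions(version, '<= 1.3.5')`, while `info.name` and `description` read as if the SQL injection itself had been confirmed. A result from this template reports an installed version, not a verified flaw, and a readme left behind by a patched or removed plugin gives the same hit. I would add a comment above `http:` such as `# Version-based detection: compares the readme.txt "Stable tag" with the affected range; exploitability is not tested.` The same applies to every template added in this commit.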
+++ b/nuclei-templates/2025/CVE-2025-22536-2234102d11b82d77a75c550a65280364.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22536-2234102d11b82d77a75c550a65280364
+
+info:
+ name: >
+ WP Music Player <= 1.3 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WP Music Player plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/91173862-4f2d-4ca5-a58e-6fdaaeb71fc7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-22536
+ metadata:
+ fofa-query: "wp-content/plugins/wp-music-player/"
+ google-query: inurl:"/wp-content/plugins/wp-music-player/"
+ shodan-query: 'vuln:CVE-2025-22536'
+ tags: cve,wordpress,wp-plugin,wp-music-player,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-music-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-music-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
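Review bot: `redirects: true` lets the request follow up to three redirects to any host, so the readme that is finally matched may be served by a different site than the target being assessed. That can attribute a finding to the wrong asset and sends scanner traffic to hosts that may lie outside the agreed scope. Writing `host-redirects: true` in place of `redirects: true` keeps the follow-up requests on the original host. All templates in this commit carry the same two lines.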
diff --git a/nuclei-templates/2025/CVE-2025-22537-73c4303965117e18c61892c313aac6d9.yaml b/nuclei-templates/2025/CVE-2025-22537-73c4303965117e18c61892c313aac6d9.yaml
new file mode 100644
index 0000000000..a9fc99b205
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22537-73c4303965117e18c61892c313aac6d9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22537-73c4303965117e18c61892c313aac6d9
+
+info:
+ name: >
+ Google Maps Travel Route <= 1.3.1 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Google Maps Travel Route plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f42730f-f701-4f35-a240-5fa4229dff8b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22537
+ metadata:
+ fofa-query: "wp-content/plugins/google-maps-travel-route/"
+ google-query: inurl:"/wp-content/plugins/google-maps-travel-route/"
+ shodan-query: 'vuln:CVE-2025-22537'
+ tags: cve,wordpress,wp-plugin,google-maps-travel-route,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/google-maps-travel-route/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "google-maps-travel-route"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
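Review bot: The extractor pattern `(?mi)Stable tag: ([0-9.]+)` requires exactly one space after the colon and is not anchored to the start of a line. A readme that writes the field with a tab or extra spaces, or with a non-numeric value, yields no `version`, so the `dsl` comparison has nothing to work with and an affected install is missed without any signal. I would use `- '(?mi)^Stable tag:[ \t]*([0-9.]+)'` in single quotes, which tolerates the spacing and avoids matching the phrase inside running text. The pattern is repeated in both extractors of every template in this commit.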
diff --git a/nuclei-templates/2025/CVE-2025-22538-677aba1921c83327f2cf7dcd2b49dd5f.yaml b/nuclei-templates/2025/CVE-2025-22538-677aba1921c83327f2cf7dcd2b49dd5f.yaml
new file mode 100644
index 0000000000..cc94c87af4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22538-677aba1921c83327f2cf7dcd2b49dd5f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22538-677aba1921c83327f2cf7dcd2b49dd5f
+
+info:
+ name: >
+ Virtual Bot <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Virtual Bot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/662eb948-e1d2-4a11-a139-16d277cd5c53?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22538
+ metadata:
+ fofa-query: "wp-content/plugins/virtual-bot/"
+ google-query: inurl:"/wp-content/plugins/virtual-bot/"
+ shodan-query: 'vuln:CVE-2025-22538'
+ tags: cve,wordpress,wp-plugin,virtual-bot,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/virtual-bot/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "virtual-bot"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22539-61fe27735a2e4519b40fea52cf7f4e2a.yaml b/nuclei-templates/2025/CVE-2025-22539-61fe27735a2e4519b40fea52cf7f4e2a.yaml
new file mode 100644
index 0000000000..2a876d5b2e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22539-61fe27735a2e4519b40fea52cf7f4e2a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22539-61fe27735a2e4519b40fea52cf7f4e2a
+
+info:
+ name: >
+ Custom DataBase Tables <= 2.1.34 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Custom DataBase Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.34 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8f6cabb-ecf5-44f1-bc39-20d9dc989600?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22539
+ metadata:
+ fofa-query: "wp-content/plugins/custom-database-tables/"
+ google-query: inurl:"/wp-content/plugins/custom-database-tables/"
+ shodan-query: 'vuln:CVE-2025-22539'
+ tags: cve,wordpress,wp-plugin,custom-database-tables,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/custom-database-tables/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "custom-database-tables"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.34')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22540-e949355f947738772c26cee2f1767ad2.yaml b/nuclei-templates/2025/CVE-2025-22540-e949355f947738772c26cee2f1767ad2.yaml
new file mode 100644
index 0000000000..8c1d111e26
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22540-e949355f947738772c26cee2f1767ad2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22540-e949355f947738772c26cee2f1767ad2
+
+info:
+ name: >
+ Emailing Subscription <= 1.4.1 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Emailing Subscription plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0ebe1d-b6cf-4ff5-ae6c-c8c226a000d4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2025-22540
+ metadata:
+ fofa-query: "wp-content/plugins/email-suscripcion/"
+ google-query: inurl:"/wp-content/plugins/email-suscripcion/"
+ shodan-query: 'vuln:CVE-2025-22540'
+ tags: cve,wordpress,wp-plugin,email-suscripcion,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/email-suscripcion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "email-suscripcion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22541-0b414e6330ca480956bc24e6195e74c2.yaml b/nuclei-templates/2025/CVE-2025-22541-0b414e6330ca480956bc24e6195e74c2.yaml
new file mode 100644
index 0000000000..6991b6fcb4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22541-0b414e6330ca480956bc24e6195e74c2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22541-0b414e6330ca480956bc24e6195e74c2
+
+info:
+ name: >
+ WP Delete Post Copies <= 5.5 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The WP Delete Post Copies plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0407c2fa-5bca-4ef2-bba7-e5975ea94f60?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22541
+ metadata:
+ fofa-query: "wp-content/plugins/etruel-del-post-copies/"
+ google-query: inurl:"/wp-content/plugins/etruel-del-post-copies/"
+ shodan-query: 'vuln:CVE-2025-22541'
+ tags: cve,wordpress,wp-plugin,etruel-del-post-copies,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/etruel-del-post-copies/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "etruel-del-post-copies"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22542-190b314308255e79da688ec05ac59711.yaml b/nuclei-templates/2025/CVE-2025-22542-190b314308255e79da688ec05ac59711.yaml
new file mode 100644
index 0000000000..26cb44f4fd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22542-190b314308255e79da688ec05ac59711.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22542-190b314308255e79da688ec05ac59711
+
+info:
+ name: >
+ Virtual Bot <= 1.0.0 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Virtual Bot plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6931b3b3-b1b5-4ab8-8592-82332d16168c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2025-22542
+ metadata:
+ fofa-query: "wp-content/plugins/virtual-bot/"
+ google-query: inurl:"/wp-content/plugins/virtual-bot/"
+ shodan-query: 'vuln:CVE-2025-22542'
+ tags: cve,wordpress,wp-plugin,virtual-bot,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/virtual-bot/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "virtual-bot"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22543-cc6f885e8e393f137fec78e5c3c84f77.yaml b/nuclei-templates/2025/CVE-2025-22543-cc6f885e8e393f137fec78e5c3c84f77.yaml
new file mode 100644
index 0000000000..8bc61781d1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22543-cc6f885e8e393f137fec78e5c3c84f77.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22543-cc6f885e8e393f137fec78e5c3c84f77
+
+info:
+ name: >
+ ST Gallery WP <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Settings Update
+ author: topscoder
+ severity: low
+ description: >
+ The ST Gallery WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/af4a21b4-9032-4c57-a762-6ad8ba772c63?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22543
+ metadata:
+ fofa-query: "wp-content/plugins/st-gallery-wp/"
+ google-query: inurl:"/wp-content/plugins/st-gallery-wp/"
+ shodan-query: 'vuln:CVE-2025-22543'
+ tags: cve,wordpress,wp-plugin,st-gallery-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/st-gallery-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "st-gallery-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22544-2c62fef6dd80ec78966ced75f89db4cd.yaml b/nuclei-templates/2025/CVE-2025-22544-2c62fef6dd80ec78966ced75f89db4cd.yaml
new file mode 100644
index 0000000000..c1c0250683
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22544-2c62fef6dd80ec78966ced75f89db4cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22544-2c62fef6dd80ec78966ced75f89db4cd
+
+info:
+ name: >
+ Mind Doodle Visual Sitemaps & Tasks <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Mind Doodle Visual Sitemaps & Tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e354642a-b817-4490-8738-3edfc3777143?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22544
+ metadata:
+ fofa-query: "wp-content/plugins/mind-doodle-sitemap/"
+ google-query: inurl:"/wp-content/plugins/mind-doodle-sitemap/"
+ shodan-query: 'vuln:CVE-2025-22544'
+ tags: cve,wordpress,wp-plugin,mind-doodle-sitemap,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mind-doodle-sitemap/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mind-doodle-sitemap"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22545-0d3d2158a9245fab4fb7b9262b8244aa.yaml b/nuclei-templates/2025/CVE-2025-22545-0d3d2158a9245fab4fb7b9262b8244aa.yaml
new file mode 100644
index 0000000000..06efc59385
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22545-0d3d2158a9245fab4fb7b9262b8244aa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22545-0d3d2158a9245fab4fb7b9262b8244aa
+
+info:
+ name: >
+ iframe to embed <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The iframe to embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/64d0c9f4-bc44-4349-977a-2ba3f12d7398?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22545
+ metadata:
+ fofa-query: "wp-content/plugins/iframe-to-embed/"
+ google-query: inurl:"/wp-content/plugins/iframe-to-embed/"
+ shodan-query: 'vuln:CVE-2025-22545'
+ tags: cve,wordpress,wp-plugin,iframe-to-embed,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/iframe-to-embed/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "iframe-to-embed"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22546-2505457468a8b9368a3dbb8514e5eb6e.yaml b/nuclei-templates/2025/CVE-2025-22546-2505457468a8b9368a3dbb8514e5eb6e.yaml
new file mode 100644
index 0000000000..86f067cc88
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22546-2505457468a8b9368a3dbb8514e5eb6e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22546-2505457468a8b9368a3dbb8514e5eb6e
+
+info:
+ name: >
+ jQuery TwentyTwenty <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The jQuery TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/98fe007e-5a14-4a8b-9aa7-6ce836a3411e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22546
+ metadata:
+ fofa-query: "wp-content/plugins/js-twentytwenty/"
+ google-query: inurl:"/wp-content/plugins/js-twentytwenty/"
+ shodan-query: 'vuln:CVE-2025-22546'
+ tags: cve,wordpress,wp-plugin,js-twentytwenty,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/js-twentytwenty/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "js-twentytwenty"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22547-13a97170ae81ee7910544f1452d86e5f.yaml b/nuclei-templates/2025/CVE-2025-22547-13a97170ae81ee7910544f1452d86e5f.yaml
new file mode 100644
index 0000000000..e6c1eb7780
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22547-13a97170ae81ee7910544f1452d86e5f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22547-13a97170ae81ee7910544f1452d86e5f
+
+info:
+ name: >
+ JK Html To Pdf <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The JK Html To Pdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46d949-eca0-4cd2-b458-229c027a6c3f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22547
+ metadata:
+ fofa-query: "wp-content/plugins/jk-html-to-pdf/"
+ google-query: inurl:"/wp-content/plugins/jk-html-to-pdf/"
+ shodan-query: 'vuln:CVE-2025-22547'
+ tags: cve,wordpress,wp-plugin,jk-html-to-pdf,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jk-html-to-pdf/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jk-html-to-pdf"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22548-ad1e4c817f3a10fdc53f2b0d2f920d19.yaml b/nuclei-templates/2025/CVE-2025-22548-ad1e4c817f3a10fdc53f2b0d2f920d19.yaml
new file mode 100644
index 0000000000..50ebff1eba
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22548-ad1e4c817f3a10fdc53f2b0d2f920d19.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22548-ad1e4c817f3a10fdc53f2b0d2f920d19
+
+info:
+ name: >
+ ldap_login_password_and_role_manager <= 1.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ldap_login_password_and_role_manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.12. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/51214710-3fd4-426c-95fa-f29735822c54?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22548
+ metadata:
+ fofa-query: "wp-content/plugins/ldap-login-password-and-role-manager/"
+ google-query: inurl:"/wp-content/plugins/ldap-login-password-and-role-manager/"
+ shodan-query: 'vuln:CVE-2025-22548'
+ tags: cve,wordpress,wp-plugin,ldap-login-password-and-role-manager,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ldap-login-password-and-role-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ldap-login-password-and-role-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.12')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22549-3fa5e9c20ba87932406fad01142ce193.yaml b/nuclei-templates/2025/CVE-2025-22549-3fa5e9c20ba87932406fad01142ce193.yaml
new file mode 100644
index 0000000000..03ab63f916
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22549-3fa5e9c20ba87932406fad01142ce193.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22549-3fa5e9c20ba87932406fad01142ce193
+
+info:
+ name: >
+ WP Github <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Github plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd45d76-d82b-46e6-b9fc-95d2d977fcd2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22549
+ metadata:
+ fofa-query: "wp-content/plugins/wp-github/"
+ google-query: inurl:"/wp-content/plugins/wp-github/"
+ shodan-query: 'vuln:CVE-2025-22549'
+ tags: cve,wordpress,wp-plugin,wp-github,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-github/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-github"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.3')
\ No newline at end of file
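Review bot: `severity: low` here sits beside `cvss-score: 6.4`, which falls in the CVSS v3.1 medium band (4.0–6.9), so the `severity` field and the trailing `low` tag disagree with the score the template itself records. The same mismatch appears in the hunks for CVE-2025-22550, CVE-2025-22551, CVE-2025-22554 and CVE-2025-22558 (low with 6.4) and CVE-2025-22561 (low with 4.3), and in the other direction for CVE-2025-22560 (`severity: high` with `cvss-score: 5.3`). Anyone filtering scans or triage queues by severity will under- or over-prioritise these findings. I would set `severity: medium` and `tags: cve,wordpress,wp-plugin,wp-github,medium` here, or add a comment naming the source the rating follows if the divergence is intentional.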
diff --git a/nuclei-templates/2025/CVE-2025-22550-ad1431c100b3487631865bf56051e703.yaml b/nuclei-templates/2025/CVE-2025-22550-ad1431c100b3487631865bf56051e703.yaml
new file mode 100644
index 0000000000..4e9e94fdbe
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22550-ad1431c100b3487631865bf56051e703.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22550-ad1431c100b3487631865bf56051e703
+
+info:
+ name: >
+ AddFunc Mobile Detect <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The AddFunc Mobile Detect plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8885fc41-1b3b-4170-9752-aea7628daf4f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22550
+ metadata:
+ fofa-query: "wp-content/plugins/addfunc-mobile-detect/"
+ google-query: inurl:"/wp-content/plugins/addfunc-mobile-detect/"
+ shodan-query: 'vuln:CVE-2025-22550'
+ tags: cve,wordpress,wp-plugin,addfunc-mobile-detect,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addfunc-mobile-detect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addfunc-mobile-detect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22551-640d0b18a124154d506373f1f09451c1.yaml b/nuclei-templates/2025/CVE-2025-22551-640d0b18a124154d506373f1f09451c1.yaml
new file mode 100644
index 0000000000..393868394b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22551-640d0b18a124154d506373f1f09451c1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22551-640d0b18a124154d506373f1f09451c1
+
+info:
+ name: >
+ Boot-Modal <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Boot-Modal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/509a24ef-160a-4e54-bd83-ac1704a32766?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22551
+ metadata:
+ fofa-query: "wp-content/plugins/boot-modal/"
+ google-query: inurl:"/wp-content/plugins/boot-modal/"
+ shodan-query: 'vuln:CVE-2025-22551'
+ tags: cve,wordpress,wp-plugin,boot-modal,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/boot-modal/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "boot-modal"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22552-93ffa7d8645dcf81247e4b7abcadc14a.yaml b/nuclei-templates/2025/CVE-2025-22552-93ffa7d8645dcf81247e4b7abcadc14a.yaml
new file mode 100644
index 0000000000..c786f09565
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22552-93ffa7d8645dcf81247e4b7abcadc14a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22552-93ffa7d8645dcf81247e4b7abcadc14a
+
+info:
+ name: >
+ Affiliate Disclosure Statement <= 0.3 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Affiliate Disclosure Statement plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c565f455-6c83-42af-9f79-dcf4d03320a8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22552
+ metadata:
+ fofa-query: "wp-content/plugins/affiliate-disclosure-statement/"
+ google-query: inurl:"/wp-content/plugins/affiliate-disclosure-statement/"
+ shodan-query: 'vuln:CVE-2025-22552'
+ tags: cve,wordpress,wp-plugin,affiliate-disclosure-statement,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/affiliate-disclosure-statement/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "affiliate-disclosure-statement"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22554-ff161fb1da3878cfc7c56b585a6708f8.yaml b/nuclei-templates/2025/CVE-2025-22554-ff161fb1da3878cfc7c56b585a6708f8.yaml
new file mode 100644
index 0000000000..cdca3572e5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22554-ff161fb1da3878cfc7c56b585a6708f8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22554-ff161fb1da3878cfc7c56b585a6708f8
+
+info:
+ name: >
+ Video Embed Optimizer <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Video Embed Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/acff618e-1fed-49c6-8713-c58d32b73382?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22554
+ metadata:
+ fofa-query: "wp-content/plugins/video-embed-optimizer/"
+ google-query: inurl:"/wp-content/plugins/video-embed-optimizer/"
+ shodan-query: 'vuln:CVE-2025-22554'
+ tags: cve,wordpress,wp-plugin,video-embed-optimizer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-embed-optimizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-embed-optimizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22555-0c05b9fd87fa37410b79deeb430decd0.yaml b/nuclei-templates/2025/CVE-2025-22555-0c05b9fd87fa37410b79deeb430decd0.yaml
new file mode 100644
index 0000000000..72a355d157
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22555-0c05b9fd87fa37410b79deeb430decd0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22555-0c05b9fd87fa37410b79deeb430decd0
+
+info:
+ name: >
+ Smoothness Slider Shortcode <= v1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Smoothness Slider Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.2.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1351915-5f00-48d0-a768-cd9aea533b60?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22555
+ metadata:
+ fofa-query: "wp-content/plugins/smoothness-slider-shortcode/"
+ google-query: inurl:"/wp-content/plugins/smoothness-slider-shortcode/"
+ shodan-query: 'vuln:CVE-2025-22555'
+ tags: cve,wordpress,wp-plugin,smoothness-slider-shortcode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smoothness-slider-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smoothness-slider-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= v1.2.2')
\ No newline at end of file
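Review bot: The constraint in `compare_versions(version, '<= v1.2.2')` carries a `v` prefix, while the extractor regex `([0-9.]+)` can only capture bare digits and dots and every other template in this part of the diff compares against a plain number. Whether the comparison accepts the prefix depends on the version parser, which is not visible from this hunk; if it does not, the matcher never fires and affected hosts are missed. I would normalise the line to `- compare_versions(version, '<= 1.2.2')`; the `v` was presumably carried over from the advisory title.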
diff --git a/nuclei-templates/2025/CVE-2025-22556-88931185d61e7cf664a204d20ffe7fb1.yaml b/nuclei-templates/2025/CVE-2025-22556-88931185d61e7cf664a204d20ffe7fb1.yaml
new file mode 100644
index 0000000000..a960d4e434
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22556-88931185d61e7cf664a204d20ffe7fb1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22556-88931185d61e7cf664a204d20ffe7fb1
+
+info:
+ name: >
+ Norse Rune Oracle Plugin <= 1.4.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Norse Rune Oracle Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff08a391-971b-4c78-80e0-1d72a3ae5f1c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22556
+ metadata:
+ fofa-query: "wp-content/plugins/norse-runes-oracle/"
+ google-query: inurl:"/wp-content/plugins/norse-runes-oracle/"
+ shodan-query: 'vuln:CVE-2025-22556'
+ tags: cve,wordpress,wp-plugin,norse-runes-oracle,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/norse-runes-oracle/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "norse-runes-oracle"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22557-3636f405aa4e98a7093e1579e1596b90.yaml b/nuclei-templates/2025/CVE-2025-22557-3636f405aa4e98a7093e1579e1596b90.yaml
new file mode 100644
index 0000000000..ccf8cbb408
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22557-3636f405aa4e98a7093e1579e1596b90.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22557-3636f405aa4e98a7093e1579e1596b90
+
+info:
+ name: >
+ News Publisher Autopilot <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The News Publisher Autopilot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/516d40c7-fc27-45df-bb08-fbafcd1c81a4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22557
+ metadata:
+ fofa-query: "wp-content/plugins/wpm-news-api/"
+ google-query: inurl:"/wp-content/plugins/wpm-news-api/"
+ shodan-query: 'vuln:CVE-2025-22557'
+ tags: cve,wordpress,wp-plugin,wpm-news-api,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpm-news-api/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpm-news-api"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22558-ee6191d0a0e79e97330e7aa1d8abcee4.yaml b/nuclei-templates/2025/CVE-2025-22558-ee6191d0a0e79e97330e7aa1d8abcee4.yaml
new file mode 100644
index 0000000000..fd2a9ec155
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22558-ee6191d0a0e79e97330e7aa1d8abcee4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22558-ee6191d0a0e79e97330e7aa1d8abcee4
+
+info:
+ name: >
+ mcjh button shortcode <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The mcjh button shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cdf1b24-95fd-45e2-b303-36e033ed6ed4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22558
+ metadata:
+ fofa-query: "wp-content/plugins/mcjh-button-shortcode/"
+ google-query: inurl:"/wp-content/plugins/mcjh-button-shortcode/"
+ shodan-query: 'vuln:CVE-2025-22558'
+ tags: cve,wordpress,wp-plugin,mcjh-button-shortcode,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mcjh-button-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mcjh-button-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22559-954fbda06c09b2da3c1a9ca4b27ca92f.yaml b/nuclei-templates/2025/CVE-2025-22559-954fbda06c09b2da3c1a9ca4b27ca92f.yaml
new file mode 100644
index 0000000000..facce6275d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22559-954fbda06c09b2da3c1a9ca4b27ca92f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22559-954fbda06c09b2da3c1a9ca4b27ca92f
+
+info:
+ name: >
+ TubePress.NET <= 4.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The TubePress.NET plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d08db182-bfbf-42bd-8070-cbd80b3b5759?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22559
+ metadata:
+ fofa-query: "wp-content/plugins/tubepressnet/"
+ google-query: inurl:"/wp-content/plugins/tubepressnet/"
+ shodan-query: 'vuln:CVE-2025-22559'
+ tags: cve,wordpress,wp-plugin,tubepressnet,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tubepressnet/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tubepressnet"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22560-25404d6a95b8eeb6fa4655a7ca516e7f.yaml b/nuclei-templates/2025/CVE-2025-22560-25404d6a95b8eeb6fa4655a7ca516e7f.yaml
new file mode 100644
index 0000000000..f15f043b8e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22560-25404d6a95b8eeb6fa4655a7ca516e7f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22560-25404d6a95b8eeb6fa4655a7ca516e7f
+
+info:
+ name: >
+ Saoshyant Page Builder <= 3.8 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Saoshyant Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/424b0de2-98ac-434f-98be-d2b0eec308ce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-22560
+ metadata:
+ fofa-query: "wp-content/plugins/saoshyant-page-builder/"
+ google-query: inurl:"/wp-content/plugins/saoshyant-page-builder/"
+ shodan-query: 'vuln:CVE-2025-22560'
+ tags: cve,wordpress,wp-plugin,saoshyant-page-builder,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/saoshyant-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "saoshyant-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22561-01ae385143b44b84e57803ea8f4c3ba8.yaml b/nuclei-templates/2025/CVE-2025-22561-01ae385143b44b84e57803ea8f4c3ba8.yaml
new file mode 100644
index 0000000000..5f3ce8670e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22561-01ae385143b44b84e57803ea8f4c3ba8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22561-01ae385143b44b84e57803ea8f4c3ba8
+
+info:
+ name: >
+ Title Experiments Free <= 9.0.4 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Title Experiments Free plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 9.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a15720-2535-4258-8d58-20818cdbd413?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22561
+ metadata:
+ fofa-query: "wp-content/plugins/wp-experiments-free/"
+ google-query: inurl:"/wp-content/plugins/wp-experiments-free/"
+ shodan-query: 'vuln:CVE-2025-22561'
+ tags: cve,wordpress,wp-plugin,wp-experiments-free,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-experiments-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-experiments-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 9.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22562-d253948e8c14fee39b85053303d5c152.yaml b/nuclei-templates/2025/CVE-2025-22562-d253948e8c14fee39b85053303d5c152.yaml
new file mode 100644
index 0000000000..35260ee1dd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22562-d253948e8c14fee39b85053303d5c152.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22562-d253948e8c14fee39b85053303d5c152
+
+info:
+ name: >
+ Title Experiments Free <= 9.0.4 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Title Experiments Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7abf5f68-2a5f-4cdf-90cf-38dd7189b8c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22562
+ metadata:
+ fofa-query: "wp-content/plugins/wp-experiments-free/"
+ google-query: inurl:"/wp-content/plugins/wp-experiments-free/"
+ shodan-query: 'vuln:CVE-2025-22562'
+ tags: cve,wordpress,wp-plugin,wp-experiments-free,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-experiments-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-experiments-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 9.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22563-ce0e1f8c1ddca214ac6028c62d4d3e87.yaml b/nuclei-templates/2025/CVE-2025-22563-ce0e1f8c1ddca214ac6028c62d4d3e87.yaml
new file mode 100644
index 0000000000..95953b11db
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22563-ce0e1f8c1ddca214ac6028c62d4d3e87.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22563-ce0e1f8c1ddca214ac6028c62d4d3e87
+
+info:
+ name: >
+ Pretty Url <= 1.5.4 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Pretty Url plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e96588f8-5b74-43bd-801d-5f20a938337c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22563
+ metadata:
+ fofa-query: "wp-content/plugins/pretty-url/"
+ google-query: inurl:"/wp-content/plugins/pretty-url/"
+ shodan-query: 'vuln:CVE-2025-22563'
+ tags: cve,wordpress,wp-plugin,pretty-url,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pretty-url/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pretty-url"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22567-ebe73dfd339fef7b7a2f1b05cff5cc35.yaml b/nuclei-templates/2025/CVE-2025-22567-ebe73dfd339fef7b7a2f1b05cff5cc35.yaml
new file mode 100644
index 0000000000..755f2f0949
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22567-ebe73dfd339fef7b7a2f1b05cff5cc35.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22567-ebe73dfd339fef7b7a2f1b05cff5cc35
+
+info:
+ name: >
+ TRUSTist REVIEWer <= 2.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The TRUSTist REVIEWer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f0e7f9f-cc9b-4e90-a768-776c927b6d83?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22567
+ metadata:
+ fofa-query: "wp-content/plugins/trustist-reviewer/"
+ google-query: inurl:"/wp-content/plugins/trustist-reviewer/"
+ shodan-query: 'vuln:CVE-2025-22567'
+ tags: cve,wordpress,wp-plugin,trustist-reviewer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/trustist-reviewer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "trustist-reviewer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22568-5f41b2c5fa0d57353fce6335dbbf02e5.yaml b/nuclei-templates/2025/CVE-2025-22568-5f41b2c5fa0d57353fce6335dbbf02e5.yaml
new file mode 100644
index 0000000000..5a3d85c186
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22568-5f41b2c5fa0d57353fce6335dbbf02e5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22568-5f41b2c5fa0d57353fce6335dbbf02e5
+
+info:
+ name: >
+ Post And Page Reactions <= 1.0.5 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Post And Page Reactions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/58f35c9f-7df6-4439-9c92-cf9a11d609e2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22568
+ metadata:
+ fofa-query: "wp-content/plugins/post-and-page-reactions/"
+ google-query: inurl:"/wp-content/plugins/post-and-page-reactions/"
+ shodan-query: 'vuln:CVE-2025-22568'
+ tags: cve,wordpress,wp-plugin,post-and-page-reactions,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-and-page-reactions/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-and-page-reactions"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22569-ece449599b6b3e3c3e5c171ee4f7240c.yaml b/nuclei-templates/2025/CVE-2025-22569-ece449599b6b3e3c3e5c171ee4f7240c.yaml
new file mode 100644
index 0000000000..9e6acc5e24
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22569-ece449599b6b3e3c3e5c171ee4f7240c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22569-ece449599b6b3e3c3e5c171ee4f7240c
+
+info:
+ name: >
+ Featured Page Widget <= 2.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Featured Page Widget plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8038e8-a196-43f0-a250-db95aced944a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22569
+ metadata:
+ fofa-query: "wp-content/plugins/featured-page-widget/"
+ google-query: inurl:"/wp-content/plugins/featured-page-widget/"
+ shodan-query: 'vuln:CVE-2025-22569'
+ tags: cve,wordpress,wp-plugin,featured-page-widget,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/featured-page-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "featured-page-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22570-ef79b06387d8628dfda5620227c63dbd.yaml b/nuclei-templates/2025/CVE-2025-22570-ef79b06387d8628dfda5620227c63dbd.yaml
new file mode 100644
index 0000000000..8fda8dc0c1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22570-ef79b06387d8628dfda5620227c63dbd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22570-ef79b06387d8628dfda5620227c63dbd
+
+info:
+ name: >
+ Inline Tweets <= 2.0 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The Inline Tweets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b303034f-6ef2-4679-be2c-39e1472b30eb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2025-22570
+ metadata:
+ fofa-query: "wp-content/plugins/inline-tweets/"
+ google-query: inurl:"/wp-content/plugins/inline-tweets/"
+ shodan-query: 'vuln:CVE-2025-22570'
+ tags: cve,wordpress,wp-plugin,inline-tweets,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/inline-tweets/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "inline-tweets"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22571-b259041f550608e72063afb6e623c427.yaml b/nuclei-templates/2025/CVE-2025-22571-b259041f550608e72063afb6e623c427.yaml
new file mode 100644
index 0000000000..e56c28ee72
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22571-b259041f550608e72063afb6e623c427.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22571-b259041f550608e72063afb6e623c427
+
+info:
+ name: >
+ Instabot <= 1.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Instabot: Chatbot to Increase Conversions on WordPress. Try for Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/560548c7-8007-4e2c-bd34-78fcb7b43eb1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22571
+ metadata:
+ fofa-query: "wp-content/plugins/instabot/"
+ google-query: inurl:"/wp-content/plugins/instabot/"
+ shodan-query: 'vuln:CVE-2025-22571'
+ tags: cve,wordpress,wp-plugin,instabot,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/instabot/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "instabot"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.10')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22572-3586c8abb9e4256c06e1387259a18951.yaml b/nuclei-templates/2025/CVE-2025-22572-3586c8abb9e4256c06e1387259a18951.yaml
new file mode 100644
index 0000000000..193232215f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22572-3586c8abb9e4256c06e1387259a18951.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22572-3586c8abb9e4256c06e1387259a18951
+
+info:
+ name: >
+ Legacy ePlayer <= 0.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Legacy ePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/83734fe1-23e5-4b40-8daa-f5c8b9f9896a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22572
+ metadata:
+ fofa-query: "wp-content/plugins/sportspress-tv/"
+ google-query: inurl:"/wp-content/plugins/sportspress-tv/"
+ shodan-query: 'vuln:CVE-2025-22572'
+ tags: cve,wordpress,wp-plugin,sportspress-tv,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sportspress-tv/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sportspress-tv"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.9.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22573-73938218326ac7cbe3516e723875cc3b.yaml b/nuclei-templates/2025/CVE-2025-22573-73938218326ac7cbe3516e723875cc3b.yaml
new file mode 100644
index 0000000000..8d6380ff65
--- /dev/null
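Review bot: The product named in `name` and `description` (Legacy ePlayer) does not match the slug used in the rest of the CVE-2025-22572 template, where `fofa-query`, `google-query`, the request `path` and the word matcher all point at `sportspress-tv`. If that slug belongs to a different plugin, any site whose `sportspress-tv` readme reports a `Stable tag` of 0.9.9 or lower is reported under this CVE while installs of the affected plugin are never probed. The slug should be confirmed against the Wordfence reference listed in the template before merging, and all four occurrences plus the `tags` entry changed together if it is wrong.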
+++ b/nuclei-templates/2025/CVE-2025-22573-73938218326ac7cbe3516e723875cc3b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22573-73938218326ac7cbe3516e723875cc3b
+
+info:
+ name: >
+ Icons Enricher <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Icons Enricher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/59cbc7fc-793b-47b9-80e4-605ac8c2ae86?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22573
+ metadata:
+ fofa-query: "wp-content/plugins/icons-enricher/"
+ google-query: inurl:"/wp-content/plugins/icons-enricher/"
+ shodan-query: 'vuln:CVE-2025-22573'
+ tags: cve,wordpress,wp-plugin,icons-enricher,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/icons-enricher/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "icons-enricher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
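Review bot: `severity: low` disagrees with `cvss-score: 6.4` in the same `info` block, which sits in the CVSS v3.1 medium band (4.0–6.9), and the trailing `low` in `tags` repeats the lower rating. Scans that filter by severity or by tag will drop these findings below a medium threshold. The same mismatch is present in the templates for CVE-2025-22572, -22574, -22577, -22580, -22581, -22584 and -22585 (score 6.4), -22578 (4.4) and -22579 (5.5). If the lower rating is a deliberate discount for the authentication requirement, a comment in the template should say so; otherwise use `severity: medium` and `tags: cve,wordpress,wp-plugin,icons-enricher,medium`.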
diff --git a/nuclei-templates/2025/CVE-2025-22574-aad5a28876c5dec92b57c33d63db31e3.yaml b/nuclei-templates/2025/CVE-2025-22574-aad5a28876c5dec92b57c33d63db31e3.yaml
new file mode 100644
index 0000000000..424e829706
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22574-aad5a28876c5dec92b57c33d63db31e3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22574-aad5a28876c5dec92b57c33d63db31e3
+
+info:
+ name: >
+ ICS Button <= 0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ICS Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/139ac1ad-d04d-48fc-85a4-6d07cd2e824a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22574
+ metadata:
+ fofa-query: "wp-content/plugins/ics-button/"
+ google-query: inurl:"/wp-content/plugins/ics-button/"
+ shodan-query: 'vuln:CVE-2025-22574'
+ tags: cve,wordpress,wp-plugin,ics-button,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ics-button/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ics-button"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22576-2fca662d15b4ab708d2c9398e65dab31.yaml b/nuclei-templates/2025/CVE-2025-22576-2fca662d15b4ab708d2c9398e65dab31.yaml
new file mode 100644
index 0000000000..d620aaa637
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22576-2fca662d15b4ab708d2c9398e65dab31.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22576-2fca662d15b4ab708d2c9398e65dab31
+
+info:
+ name: >
+ Site PIN <= 1.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Site PIN plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5ed607-4ab4-4e98-975b-e3043014d847?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22576
+ metadata:
+ fofa-query: "wp-content/plugins/site-pin/"
+ google-query: inurl:"/wp-content/plugins/site-pin/"
+ shodan-query: 'vuln:CVE-2025-22576'
+ tags: cve,wordpress,wp-plugin,site-pin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/site-pin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "site-pin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22577-203aa83975fc701fdc5f0cbf0335f422.yaml b/nuclei-templates/2025/CVE-2025-22577-203aa83975fc701fdc5f0cbf0335f422.yaml
new file mode 100644
index 0000000000..c055d366ec
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22577-203aa83975fc701fdc5f0cbf0335f422.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22577-203aa83975fc701fdc5f0cbf0335f422
+
+info:
+ name: >
+ Able Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Able Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a022860a-07d1-44f8-8c5b-965c855822fd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22577
+ metadata:
+ fofa-query: "wp-content/plugins/wp-able-player/"
+ google-query: inurl:"/wp-content/plugins/wp-able-player/"
+ shodan-query: 'vuln:CVE-2025-22577'
+ tags: cve,wordpress,wp-plugin,wp-able-player,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-able-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-able-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22578-c6738e26222921a9c6f925a6656ac5b9.yaml b/nuclei-templates/2025/CVE-2025-22578-c6738e26222921a9c6f925a6656ac5b9.yaml
new file mode 100644
index 0000000000..7277730820
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22578-c6738e26222921a9c6f925a6656ac5b9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22578-c6738e26222921a9c6f925a6656ac5b9
+
+info:
+ name: >
+ WP Cookie <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Cookie plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f8619e9-525d-425a-88c4-464cca570277?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-22578
+ metadata:
+ fofa-query: "wp-content/plugins/wp-cookie/"
+ google-query: inurl:"/wp-content/plugins/wp-cookie/"
+ shodan-query: 'vuln:CVE-2025-22578'
+ tags: cve,wordpress,wp-plugin,wp-cookie,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-cookie/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-cookie"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22579-baa900bc2ae8b65520cd4e9cb343d000.yaml b/nuclei-templates/2025/CVE-2025-22579-baa900bc2ae8b65520cd4e9cb343d000.yaml
new file mode 100644
index 0000000000..e96b1c7008
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22579-baa900bc2ae8b65520cd4e9cb343d000.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22579-baa900bc2ae8b65520cd4e9cb343d000
+
+info:
+ name: >
+ WP Header Notification <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Header Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb38027a-1ee2-452a-b9b8-c1b47edbd08f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 5.5
+ cve-id: CVE-2025-22579
+ metadata:
+ fofa-query: "wp-content/plugins/wp-header-notification/"
+ google-query: inurl:"/wp-content/plugins/wp-header-notification/"
+ shodan-query: 'vuln:CVE-2025-22579'
+ tags: cve,wordpress,wp-plugin,wp-header-notification,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-header-notification/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-header-notification"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22580-8a9d0cfde3192c6841b25aec45ecf75d.yaml b/nuclei-templates/2025/CVE-2025-22580-8a9d0cfde3192c6841b25aec45ecf75d.yaml
new file mode 100644
index 0000000000..1261fee6eb
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22580-8a9d0cfde3192c6841b25aec45ecf75d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22580-8a9d0cfde3192c6841b25aec45ecf75d
+
+info:
+ name: >
+ Biltorvet Dealer Tools <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Biltorvet Dealer Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/14c857aa-5c6e-4a1a-b122-efb5d53a56cb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22580
+ metadata:
+ fofa-query: "wp-content/plugins/biltorvet-dealer-tools/"
+ google-query: inurl:"/wp-content/plugins/biltorvet-dealer-tools/"
+ shodan-query: 'vuln:CVE-2025-22580'
+ tags: cve,wordpress,wp-plugin,biltorvet-dealer-tools,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/biltorvet-dealer-tools/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "biltorvet-dealer-tools"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.22')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22581-b7c47e459f96927783a80f3d0721cfdd.yaml b/nuclei-templates/2025/CVE-2025-22581-b7c47e459f96927783a80f3d0721cfdd.yaml
new file mode 100644
index 0000000000..b55c341f27
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22581-b7c47e459f96927783a80f3d0721cfdd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22581-b7c47e459f96927783a80f3d0721cfdd
+
+info:
+ name: >
+ Arcade Ready <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Arcade Ready plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f430835a-135f-4a09-b9c6-42c7b484cbee?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22581
+ metadata:
+ fofa-query: "wp-content/plugins/arcadeready/"
+ google-query: inurl:"/wp-content/plugins/arcadeready/"
+ shodan-query: 'vuln:CVE-2025-22581'
+ tags: cve,wordpress,wp-plugin,arcadeready,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/arcadeready/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arcadeready"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22582-11c4c3b7ea778604c2bd20297200e12f.yaml b/nuclei-templates/2025/CVE-2025-22582-11c4c3b7ea778604c2bd20297200e12f.yaml
new file mode 100644
index 0000000000..72fe2bf446
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22582-11c4c3b7ea778604c2bd20297200e12f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22582-11c4c3b7ea778604c2bd20297200e12f
+
+info:
+ name: >
+ Uptime Robot <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Uptime Robot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/60fd52f1-9a31-440f-b6ec-d11cc9d0feed?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22582
+ metadata:
+ fofa-query: "wp-content/plugins/uptime-robot/"
+ google-query: inurl:"/wp-content/plugins/uptime-robot/"
+ shodan-query: 'vuln:CVE-2025-22582'
+ tags: cve,wordpress,wp-plugin,uptime-robot,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/uptime-robot/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "uptime-robot"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22583-f0a870ffbeaf8e08eaffa49ce6b9fdfa.yaml b/nuclei-templates/2025/CVE-2025-22583-f0a870ffbeaf8e08eaffa49ce6b9fdfa.yaml
new file mode 100644
index 0000000000..429a774073
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22583-f0a870ffbeaf8e08eaffa49ce6b9fdfa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22583-f0a870ffbeaf8e08eaffa49ce6b9fdfa
+
+info:
+ name: >
+ Scan External Links <= 1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Scan External Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea6eac9c-988c-4cd2-be68-ff2a2ceb86e4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22583
+ metadata:
+ fofa-query: "wp-content/plugins/scan-external-links/"
+ google-query: inurl:"/wp-content/plugins/scan-external-links/"
+ shodan-query: 'vuln:CVE-2025-22583'
+ tags: cve,wordpress,wp-plugin,scan-external-links,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/scan-external-links/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "scan-external-links"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22584-6a89e9d6c6cd63c1f674cb2a066a3a1d.yaml b/nuclei-templates/2025/CVE-2025-22584-6a89e9d6c6cd63c1f674cb2a066a3a1d.yaml
new file mode 100644
index 0000000000..4076c4fb55
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22584-6a89e9d6c6cd63c1f674cb2a066a3a1d.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-22584-6a89e9d6c6cd63c1f674cb2a066a3a1d + +info: + name: > + Timeline Pro <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via [placeholder] + author: topscoder + severity: low + description: > + The Timeline Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06929eb6-8f00-480f-9bf7-de8a7f5d7c6c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22584 + metadata: + fofa-query: "wp-content/plugins/timeline-pro/" + google-query: inurl:"/wp-content/plugins/timeline-pro/" + shodan-query: 'vuln:CVE-2025-22584' + tags: cve,wordpress,wp-plugin,timeline-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timeline-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timeline-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22585-5a93f75995aff8c02b670ba78737f9dd.yaml b/nuclei-templates/2025/CVE-2025-22585-5a93f75995aff8c02b670ba78737f9dd.yaml new file mode 100644 index 0000000000..b3fa0f1338 --- /dev/null 
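Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4` in this template; under CVSS v3.1 a 6.4 base score falls in the Medium band (4.0–6.9), so a scan filtered by severity will drop a finding that the score rates as medium. The same low-with-6.4 pairing appears in the CVE-2025-22585, CVE-2025-22587, CVE-2025-22661 and CVE-2025-22683 templates, CVE-2025-22591 pairs `low` with 4.3, and CVE-2025-22592 and CVE-2025-22681 go the other way with `severity: high` on a 5.3 score. I would set `severity: medium` and end the `tags` list with `medium` in each of them, so the field agrees with the `cvss-metrics` vector already recorded. The `name` in this template also still ends in the literal `via [placeholder]`, which should be replaced with the affected parameter from the advisory or dropped.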
+++ b/nuclei-templates/2025/CVE-2025-22585-5a93f75995aff8c02b670ba78737f9dd.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22585-5a93f75995aff8c02b670ba78737f9dd + +info: + name: > + Ultimate Image Hover Effects <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Ultimate Image Hover Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c188e0-bc5d-4512-b568-dce9ef9b8c06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22585 + metadata: + fofa-query: "wp-content/plugins/ultimate-image-hover-effects/" + google-query: inurl:"/wp-content/plugins/ultimate-image-hover-effects/" + shodan-query: 'vuln:CVE-2025-22585' + tags: cve,wordpress,wp-plugin,ultimate-image-hover-effects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-image-hover-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-image-hover-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22586-c4f7f575637fcfb70bb2254d8f282abc.yaml b/nuclei-templates/2025/CVE-2025-22586-c4f7f575637fcfb70bb2254d8f282abc.yaml new file mode 100644 index 0000000000..2eb4cc0d83 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22586-c4f7f575637fcfb70bb2254d8f282abc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22586-c4f7f575637fcfb70bb2254d8f282abc + +info: + name: > + WPEX Replace DB Urls <= 0.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WPEX Replace DB Urls plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c60979fc-d2d2-4995-87fd-077ea6569a51?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22586 + metadata: + fofa-query: "wp-content/plugins/wpex-replace/" + google-query: inurl:"/wp-content/plugins/wpex-replace/" + shodan-query: 'vuln:CVE-2025-22586' + tags: cve,wordpress,wp-plugin,wpex-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpex-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpex-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22587-c412381f9dcc471086239a48cf3be3ec.yaml b/nuclei-templates/2025/CVE-2025-22587-c412381f9dcc471086239a48cf3be3ec.yaml new file mode 100644 index 0000000000..0ab5d20983 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22587-c412381f9dcc471086239a48cf3be3ec.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22587-c412381f9dcc471086239a48cf3be3ec + +info: + name: > + SEO Bulk Editor <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The SEO Bulk Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/881b8b18-d048-4de4-a797-a5de60d7fd3e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22587 + metadata: + fofa-query: "wp-content/plugins/seo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/seo-bulk-editor/" + shodan-query: 'vuln:CVE-2025-22587' + tags: cve,wordpress,wp-plugin,seo-bulk-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22588-9051ae152a1dc5c7ffc4ad6706637b98.yaml b/nuclei-templates/2025/CVE-2025-22588-9051ae152a1dc5c7ffc4ad6706637b98.yaml new file mode 100644 index 0000000000..61232d6bf0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22588-9051ae152a1dc5c7ffc4ad6706637b98.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22588-9051ae152a1dc5c7ffc4ad6706637b98 + +info: + name: > + Scanventory <= 1.1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Scanventory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de6d07f0-6e69-4b6d-98ee-128117f0b822?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22588 + metadata: + fofa-query: "wp-content/plugins/woocommerce-inventory-management/" + google-query: inurl:"/wp-content/plugins/woocommerce-inventory-management/" + shodan-query: 'vuln:CVE-2025-22588' + tags: cve,wordpress,wp-plugin,woocommerce-inventory-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-inventory-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-inventory-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file 
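Review bot: The `word` matcher requires the directory slug `woocommerce-inventory-management` to appear in the body of readme.txt, but nothing in this hunk shows that the readme of a plugin published as Scanventory contains that string, so a vulnerable install may never match. The version regex `(?mi)Stable tag: ([0-9.]+)` has a similar gap: a readme whose stable tag is not numeric yields no `version`, and the `compare_versions(version, '<= 1.1.3')` check then presumably cannot succeed. Both patterns repeat in every template in this change, so I would at least record the false-negative cases with a comment above `matchers:`, e.g. `# version-only check: no match when readme.txt omits the slug or has a non-numeric Stable tag`.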
diff --git a/nuclei-templates/2025/CVE-2025-22589-0f2e05ece9694f9768c558244c11e865.yaml b/nuclei-templates/2025/CVE-2025-22589-0f2e05ece9694f9768c558244c11e865.yaml new file mode 100644 index 0000000000..45bd9d7314 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22589-0f2e05ece9694f9768c558244c11e865.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22589-0f2e05ece9694f9768c558244c11e865 + +info: + name: > + Quote Tweet <= 0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Quote Tweet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.7. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5dbb126-e8a1-42d0-9a05-c2e5d5da4ee1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22589 + metadata: + fofa-query: "wp-content/plugins/quote-tweet/" + google-query: inurl:"/wp-content/plugins/quote-tweet/" + shodan-query: 'vuln:CVE-2025-22589' + tags: cve,wordpress,wp-plugin,quote-tweet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quote-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quote-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22590-db570ea8bfaf389797419978ee5fc297.yaml b/nuclei-templates/2025/CVE-2025-22590-db570ea8bfaf389797419978ee5fc297.yaml new file mode 100644 index 0000000000..53a82d7f62 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22590-db570ea8bfaf389797419978ee5fc297.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22590-db570ea8bfaf389797419978ee5fc297 + +info: + name: > + Prayer Times Anywhere <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Prayer Times Anywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4cf195-d476-4acf-bfb0-df6d971e6c7b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22590 + metadata: + fofa-query: "wp-content/plugins/prayer-times-anywhere/" + google-query: inurl:"/wp-content/plugins/prayer-times-anywhere/" + shodan-query: 'vuln:CVE-2025-22590' + tags: cve,wordpress,wp-plugin,prayer-times-anywhere,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prayer-times-anywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prayer-times-anywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22591-4a8a9375506e4a2e9dac78c8e0444ca9.yaml b/nuclei-templates/2025/CVE-2025-22591-4a8a9375506e4a2e9dac78c8e0444ca9.yaml new file mode 100644 index 0000000000..f79bb89511 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22591-4a8a9375506e4a2e9dac78c8e0444ca9.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22591-4a8a9375506e4a2e9dac78c8e0444ca9 + +info: + name: > + 1003 Mortgage Application <= 1.87 - Missing Authorization + author: topscoder + severity: low + description: > + The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aaa178d-f942-4f41-bd8e-5b3bff8aca6c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22591 + metadata: + fofa-query: "wp-content/plugins/1003-mortgage-application/" + google-query: inurl:"/wp-content/plugins/1003-mortgage-application/" + shodan-query: 'vuln:CVE-2025-22591' + tags: cve,wordpress,wp-plugin,1003-mortgage-application,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1003-mortgage-application/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1003-mortgage-application" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.87') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22592-5ae2936f7c3bb35367db25df457c7f15.yaml b/nuclei-templates/2025/CVE-2025-22592-5ae2936f7c3bb35367db25df457c7f15.yaml new file mode 100644 index 0000000000..84446d5b18 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22592-5ae2936f7c3bb35367db25df457c7f15.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22592-5ae2936f7c3bb35367db25df457c7f15 + +info: + name: > + 1003 Mortgage Application <= 1.87 - Missing Authorization + author: topscoder + severity: high + description: > + The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b1e4e4c-379f-41d7-a63a-868830c95af9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22592 + metadata: + fofa-query: "wp-content/plugins/1003-mortgage-application/" + google-query: inurl:"/wp-content/plugins/1003-mortgage-application/" + shodan-query: 'vuln:CVE-2025-22592' + tags: cve,wordpress,wp-plugin,1003-mortgage-application,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1003-mortgage-application/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1003-mortgage-application" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.87') \ No newline at end of file 
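Review bot: This template runs exactly the same check as the CVE-2025-22591 template before it (same `readme.txt` path, same `Stable tag` regex, same `compare_versions(version, '<= 1.87')`), so every matching host produces two findings that differ only in CVE id and severity (`low` there, `high` here). Neither request touches the function with the missing capability check, so both results are a version inference rather than evidence that either issue is reachable. I would say so in both descriptions, e.g. by appending `Detection is based on the readme.txt version only.`, so the pair is triaged as one outdated-plugin finding.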
diff --git a/nuclei-templates/2025/CVE-2025-22593-37d373b11c6ce0e0069ffc987e6f8b7b.yaml b/nuclei-templates/2025/CVE-2025-22593-37d373b11c6ce0e0069ffc987e6f8b7b.yaml new file mode 100644 index 0000000000..b9d3247eec --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22593-37d373b11c6ce0e0069ffc987e6f8b7b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22593-37d373b11c6ce0e0069ffc987e6f8b7b + +info: + name: > + Laika Pedigree Tree <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Laika Pedigree Tree plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c921d8fd-07f6-4d17-89b7-0e8e3dc1e2f8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22593 + metadata: + fofa-query: "wp-content/plugins/laika-pedigree-tree/" + google-query: inurl:"/wp-content/plugins/laika-pedigree-tree/" + shodan-query: 'vuln:CVE-2025-22593' + tags: cve,wordpress,wp-plugin,laika-pedigree-tree,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/laika-pedigree-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "laika-pedigree-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file 
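Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, after which the status, word and version matchers run against that host's response while the finding is still reported for the original target. Replacing it with `host-redirects: true` limits following to the scanned host and keeps the result attributable to it. The same two lines appear in every template in this change.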
diff --git a/nuclei-templates/2025/CVE-2025-22594-4302e27ae9ddc99453c29fc7ced2105d.yaml b/nuclei-templates/2025/CVE-2025-22594-4302e27ae9ddc99453c29fc7ced2105d.yaml new file mode 100644 index 0000000000..32c5e926fb --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22594-4302e27ae9ddc99453c29fc7ced2105d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22594-4302e27ae9ddc99453c29fc7ced2105d + +info: + name: > + Better User Shortcodes <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Better User Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65647429-8c76-4538-9725-91fda7fd7d4e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22594 + metadata: + fofa-query: "wp-content/plugins/better-user-shortcodes/" + google-query: inurl:"/wp-content/plugins/better-user-shortcodes/" + shodan-query: 'vuln:CVE-2025-22594' + tags: cve,wordpress,wp-plugin,better-user-shortcodes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-user-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-user-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22595-b42ed2dfd59a479261693cbcd23c3240.yaml b/nuclei-templates/2025/CVE-2025-22595-b42ed2dfd59a479261693cbcd23c3240.yaml new file mode 100644 index 0000000000..5211f90e40 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22595-b42ed2dfd59a479261693cbcd23c3240.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22595-b42ed2dfd59a479261693cbcd23c3240 + +info: + name: > + Mailing Group Listserv <= 2.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Mailing Group Listserv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b91d979f-4043-4d55-9d01-6eda967b0a37?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22595 + metadata: + fofa-query: "wp-content/plugins/wp-mailing-group/" + google-query: inurl:"/wp-content/plugins/wp-mailing-group/" + shodan-query: 'vuln:CVE-2025-22595' + tags: cve,wordpress,wp-plugin,wp-mailing-group,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailing-group/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailing-group" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22661-8b099d6c7ac4535c396bd1886cb59d48.yaml b/nuclei-templates/2025/CVE-2025-22661-8b099d6c7ac4535c396bd1886cb59d48.yaml new file mode 100644 index 0000000000..7475e95aa0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22661-8b099d6c7ac4535c396bd1886cb59d48.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22661-8b099d6c7ac4535c396bd1886cb59d48 + +info: + name: > + Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea46b390-f9df-4f07-8af5-abf2b87b5fc7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22661 + metadata: + fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/" + google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/" + shodan-query: 'vuln:CVE-2025-22661' + tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-payment-button-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22678-6e709e82a05803d444ec55d0e3bc5764.yaml b/nuclei-templates/2025/CVE-2025-22678-6e709e82a05803d444ec55d0e3bc5764.yaml new file mode 100644 index 0000000000..9c4df10119 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22678-6e709e82a05803d444ec55d0e3bc5764.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22678-6e709e82a05803d444ec55d0e3bc5764 + +info: + name: > + my white <= 2.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The my white theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b182db-3f7b-4e8f-95ef-19800bb01a24?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22678 + metadata: + fofa-query: "wp-content/themes/my-white/" + google-query: inurl:"/wp-content/themes/my-white/" + shodan-query: 'vuln:CVE-2025-22678' + tags: cve,wordpress,wp-theme,my-white,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/my-white/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-white" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file 
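Review bot: The theme version is taken from the first place `Version: ` occurs anywhere in style.css, because `(?mi)Version: ([0-9.]+)` is not anchored to the start of a header line; any earlier line that happens to contain that text would supply the value compared against `<= 2.0.8`. Anchoring it to the header form, for example `(?mi)^[ \t/*#@]*Version: ([0-9.]+)`, limits the capture to a line that begins like a stylesheet header. The `word` matcher on `my-white` likewise assumes the slug is written in the stylesheet, which this hunk does not show.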
diff --git a/nuclei-templates/2025/CVE-2025-22681-26e3a858522450e05148ddb955df0a7d.yaml b/nuclei-templates/2025/CVE-2025-22681-26e3a858522450e05148ddb955df0a7d.yaml new file mode 100644 index 0000000000..b1e4267401 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22681-26e3a858522450e05148ddb955df0a7d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22681-26e3a858522450e05148ddb955df0a7d + +info: + name: > + Content Cloner <= 1.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + The Content Cloner plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e23e207-637a-4105-b9cd-ad86591af5d1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22681 + metadata: + fofa-query: "wp-content/plugins/super-seo-content-cloner/" + google-query: inurl:"/wp-content/plugins/super-seo-content-cloner/" + shodan-query: 'vuln:CVE-2025-22681' + tags: cve,wordpress,wp-plugin,super-seo-content-cloner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-seo-content-cloner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-seo-content-cloner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22682-28d87bfae66ce281d21898c83b48e6bc.yaml b/nuclei-templates/2025/CVE-2025-22682-28d87bfae66ce281d21898c83b48e6bc.yaml new file mode 100644 index 0000000000..0d7b6ab621 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22682-28d87bfae66ce281d21898c83b48e6bc.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22682-28d87bfae66ce281d21898c83b48e6bc
+
+info:
+ name: >
+ Hesabfa Accounting <= 2.1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Hesabfa Accounting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/41f8b229-dada-4460-b394-04502f62a75f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22682
+ metadata:
+ fofa-query: "wp-content/plugins/hesabfa-accounting/"
+ google-query: inurl:"/wp-content/plugins/hesabfa-accounting/"
+ shodan-query: 'vuln:CVE-2025-22682'
+ tags: cve,wordpress,wp-plugin,hesabfa-accounting,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hesabfa-accounting/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "hesabfa-accounting"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22683-d117ebaf804dd862cedc5046db34c033.yaml b/nuclei-templates/2025/CVE-2025-22683-d117ebaf804dd862cedc5046db34c033.yaml
new file mode 100644
index 0000000000..c9b51ba4d9
--- /dev/null
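Review bot: Nothing in this template tells the reader that the `dsl` matcher `compare_versions(version, '<= 2.1.2')` decides on the `Stable tag` line of `readme.txt` alone. A match therefore means the readme declares a version in the affected range, not that the reflected XSS was observed, and a readme whose stable tag is not numeric presumably leaves `version` unset so the template reports nothing. I would add a comment above `http:` such as `# Version-only check from readme.txt; confirm the installed version before acting on a match`. The other templates in this commit use the same request and matcher shape, so the same comment applies to each of them.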
+++ b/nuclei-templates/2025/CVE-2025-22683-d117ebaf804dd862cedc5046db34c033.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22683-d117ebaf804dd862cedc5046db34c033
+
+info:
+ name: >
+ NotificationX <= 2.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The NotificationX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/589f5456-1d72-4eac-bd9b-2bedf4109daa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22683
+ metadata:
+ fofa-query: "wp-content/plugins/notificationx/"
+ google-query: inurl:"/wp-content/plugins/notificationx/"
+ shodan-query: 'vuln:CVE-2025-22683'
+ tags: cve,wordpress,wp-plugin,notificationx,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/notificationx/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "notificationx"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22684-f7e1ab0957a8672d75673c8e9cf87d1c.yaml b/nuclei-templates/2025/CVE-2025-22684-f7e1ab0957a8672d75673c8e9cf87d1c.yaml
new file mode 100644
index 0000000000..f39d6a8927
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22684-f7e1ab0957a8672d75673c8e9cf87d1c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22684-f7e1ab0957a8672d75673c8e9cf87d1c
+
+info:
+ name: >
+ WP BASE Booking <= 5.0.0 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aefa868e-64ee-4852-bdbc-2de118b9e991?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2025-22684
+ metadata:
+ fofa-query: "wp-content/plugins/wp-base-booking-of-appointments-services-and-events/"
+ google-query: inurl:"/wp-content/plugins/wp-base-booking-of-appointments-services-and-events/"
+ shodan-query: 'vuln:CVE-2025-22684'
+ tags: cve,wordpress,wp-plugin,wp-base-booking-of-appointments-services-and-events,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-base-booking-of-appointments-services-and-events/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-base-booking-of-appointments-services-and-events"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22685-849b054858e73a1b74bf7f5b521941bc.yaml b/nuclei-templates/2025/CVE-2025-22685-849b054858e73a1b74bf7f5b521941bc.yaml
new file mode 100644
index 0000000000..01e8b81c69
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22685-849b054858e73a1b74bf7f5b521941bc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22685-849b054858e73a1b74bf7f5b521941bc
+
+info:
+ name: >
+ Tags to Keywords <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Tags to Keywords plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/befa92c2-7761-44df-a162-10f3deb9439e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22685
+ metadata:
+ fofa-query: "wp-content/plugins/tags-to-meta-keywords/"
+ google-query: inurl:"/wp-content/plugins/tags-to-meta-keywords/"
+ shodan-query: 'vuln:CVE-2025-22685'
+ tags: cve,wordpress,wp-plugin,tags-to-meta-keywords,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tags-to-meta-keywords/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tags-to-meta-keywords"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22686-380ef67747966eba5c9563385531ccd2.yaml b/nuclei-templates/2025/CVE-2025-22686-380ef67747966eba5c9563385531ccd2.yaml
new file mode 100644
index 0000000000..f8c99229b0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22686-380ef67747966eba5c9563385531ccd2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22686-380ef67747966eba5c9563385531ccd2
+
+info:
+ name: >
+ CF7 Google Sheets Connector <= 5.0.17 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.0.17. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f2333a1-b255-4219-a7b2-3de3a3e74e8c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-22686
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-google-sheets-connector/"
+ google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector/"
+ shodan-query: 'vuln:CVE-2025-22686'
+ tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-google-sheets-connector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.17')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22687-defb4c49ad8bd080e0a0bb1eccafb2bf.yaml b/nuclei-templates/2025/CVE-2025-22687-defb4c49ad8bd080e0a0bb1eccafb2bf.yaml
new file mode 100644
index 0000000000..71357cd2d1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22687-defb4c49ad8bd080e0a0bb1eccafb2bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22687-defb4c49ad8bd080e0a0bb1eccafb2bf
+
+info:
+ name: >
+ Tuaug4 <= 1.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Tuaug4 theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/538616b8-0c23-42b7-a694-dde69af9e3b9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22687
+ metadata:
+ fofa-query: "wp-content/themes/tuaug4/"
+ google-query: inurl:"/wp-content/themes/tuaug4/"
+ shodan-query: 'vuln:CVE-2025-22687'
+ tags: cve,wordpress,wp-theme,tuaug4,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/tuaug4/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tuaug4"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22688-fb96bd4b322691b8967c8a9ba3e33e46.yaml b/nuclei-templates/2025/CVE-2025-22688-fb96bd4b322691b8967c8a9ba3e33e46.yaml
new file mode 100644
index 0000000000..134b29de9a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22688-fb96bd4b322691b8967c8a9ba3e33e46.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22688-fb96bd4b322691b8967c8a9ba3e33e46
+
+info:
+ name: >
+ Unlimited Page Sidebars <= 0.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Unlimited Page Sidebars plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c1039e-759f-420a-87a7-6a106640ff60?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22688
+ metadata:
+ fofa-query: "wp-content/plugins/unlimited-page-sidebars/"
+ google-query: inurl:"/wp-content/plugins/unlimited-page-sidebars/"
+ shodan-query: 'vuln:CVE-2025-22688'
+ tags: cve,wordpress,wp-plugin,unlimited-page-sidebars,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/unlimited-page-sidebars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "unlimited-page-sidebars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22690-fe50b2319d1d179e76fd81490f6c7c22.yaml b/nuclei-templates/2025/CVE-2025-22690-fe50b2319d1d179e76fd81490f6c7c22.yaml
new file mode 100644
index 0000000000..e36d58cb8b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22690-fe50b2319d1d179e76fd81490f6c7c22.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22690-fe50b2319d1d179e76fd81490f6c7c22
+
+info:
+ name: >
+ DigiTimber cPanel Integration <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The DigiTimber cPanel Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/937a1474-2fe8-40dd-86c3-2d839a7b9c07?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22690
+ metadata:
+ fofa-query: "wp-content/plugins/digitimber-cpanel-integration/"
+ google-query: inurl:"/wp-content/plugins/digitimber-cpanel-integration/"
+ shodan-query: 'vuln:CVE-2025-22690'
+ tags: cve,wordpress,wp-plugin,digitimber-cpanel-integration,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/digitimber-cpanel-integration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "digitimber-cpanel-integration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22691-5e48a5e67c036d1a1c70b03c59415aff.yaml b/nuclei-templates/2025/CVE-2025-22691-5e48a5e67c036d1a1c70b03c59415aff.yaml
new file mode 100644
index 0000000000..e28dada1e9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22691-5e48a5e67c036d1a1c70b03c59415aff.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22691-5e48a5e67c036d1a1c70b03c59415aff
+
+info:
+ name: >
+ WP Travel <= 10.1.0 - Authenticated (Author+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WP Travel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 10.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c82a71-3a67-4716-9a50-d0d32e2f465d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22691
+ metadata:
+ fofa-query: "wp-content/plugins/wp-travel/"
+ google-query: inurl:"/wp-content/plugins/wp-travel/"
+ shodan-query: 'vuln:CVE-2025-22691'
+ tags: cve,wordpress,wp-plugin,wp-travel,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-travel/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-travel"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 10.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22693-5c2478c4dafc8f17fa3058f4e82f61c2.yaml b/nuclei-templates/2025/CVE-2025-22693-5c2478c4dafc8f17fa3058f4e82f61c2.yaml
new file mode 100644
index 0000000000..519d1ed11d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22693-5c2478c4dafc8f17fa3058f4e82f61c2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22693-5c2478c4dafc8f17fa3058f4e82f61c2
+
+info:
+ name: >
+ Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 25.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fb84512-82c3-4def-a11b-ba0b7d64c41f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22693
+ metadata:
+ fofa-query: "wp-content/plugins/contest-gallery/"
+ google-query: inurl:"/wp-content/plugins/contest-gallery/"
+ shodan-query: 'vuln:CVE-2025-22693'
+ tags: cve,wordpress,wp-plugin,contest-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contest-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 25.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22694-1120f5b4015d0f48bf0bed2140bb0e59.yaml b/nuclei-templates/2025/CVE-2025-22694-1120f5b4015d0f48bf0bed2140bb0e59.yaml
new file mode 100644
index 0000000000..763a6c11c8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22694-1120f5b4015d0f48bf0bed2140bb0e59.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22694-1120f5b4015d0f48bf0bed2140bb0e59
+
+info:
+ name: >
+ Hide Shipping Method For WooCommerce <= 1.5.0 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Hide Shipping Method For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8991817-b280-474e-9120-550bacb07066?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22694
+ metadata:
+ fofa-query: "wp-content/plugins/hide-shipping-method-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/hide-shipping-method-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2025-22694'
+ tags: cve,wordpress,wp-plugin,hide-shipping-method-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hide-shipping-method-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "hide-shipping-method-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22695-2f2e553685ae0b8a4b078b3f77a5320f.yaml b/nuclei-templates/2025/CVE-2025-22695-2f2e553685ae0b8a4b078b3f77a5320f.yaml
new file mode 100644
index 0000000000..70da8d5d1a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22695-2f2e553685ae0b8a4b078b3f77a5320f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22695-2f2e553685ae0b8a4b078b3f77a5320f
+
+info:
+ name: >
+ Nirweb support <= 3.0.3 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Nirweb support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e7029-c0eb-45b1-b8c0-135d5db84ace?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22695
+ metadata:
+ fofa-query: "wp-content/plugins/nirweb-support/"
+ google-query: inurl:"/wp-content/plugins/nirweb-support/"
+ shodan-query: 'vuln:CVE-2025-22695'
+ tags: cve,wordpress,wp-plugin,nirweb-support,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nirweb-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nirweb-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22696-82529ea58bf922e7ab75726226b73605.yaml b/nuclei-templates/2025/CVE-2025-22696-82529ea58bf922e7ab75726226b73605.yaml
new file mode 100644
index 0000000000..f0ca9f6e27
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22696-82529ea58bf922e7ab75726226b73605.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22696-82529ea58bf922e7ab75726226b73605
+
+info:
+ name: >
+ Document Block – Upload & Embed Docs <= 1.1.0 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b70a57ae-4033-4e68-b806-83422d2ab68c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-22696
+ metadata:
+ fofa-query: "wp-content/plugins/document/"
+ google-query: inurl:"/wp-content/plugins/document/"
+ shodan-query: 'vuln:CVE-2025-22696'
+ tags: cve,wordpress,wp-plugin,document,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/document/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "document"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22697-89add8ef473b1b0ef653a0d0150d89e6.yaml b/nuclei-templates/2025/CVE-2025-22697-89add8ef473b1b0ef653a0d0150d89e6.yaml
new file mode 100644
index 0000000000..a98b54dd6f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22697-89add8ef473b1b0ef653a0d0150d89e6.yaml
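Review bot: The `word` matcher `"document"` cannot tell this plugin's readme from any other page, because the plugin slug is an ordinary English word that almost any body contains. With `redirects: true` the 200 response need not be the file at the requested path, so in this template the identification rests on the `Stable tag` regex alone. A more specific word would restore the check, for example `- "Document Block"`, assuming the readme carries the plugin name given in `name`; that should be confirmed against the real file before it is changed.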
@@ -0,0 +1,59 @@
+id: CVE-2025-22697-89add8ef473b1b0ef653a0d0150d89e6
+
+info:
+ name: >
+ Responsive Blocks <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Responsive Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ef93096-ee09-4ea2-b299-3e173d731b8b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22697
+ metadata:
+ fofa-query: "wp-content/plugins/responsive-block-editor-addons/"
+ google-query: inurl:"/wp-content/plugins/responsive-block-editor-addons/"
+ shodan-query: 'vuln:CVE-2025-22697'
+ tags: cve,wordpress,wp-plugin,responsive-block-editor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/responsive-block-editor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "responsive-block-editor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22699-c83ee585b02326e7b979b41926be6c29.yaml b/nuclei-templates/2025/CVE-2025-22699-c83ee585b02326e7b979b41926be6c29.yaml
new file mode 100644
index 0000000000..aeebce88d4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22699-c83ee585b02326e7b979b41926be6c29.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22699-c83ee585b02326e7b979b41926be6c29
+
+info:
+ name: >
+ Traveler Code <= 3.1.0 - Unauthenticated Arbitrary SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Traveler Code plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9276757-1f73-44bf-9640-ea749ede5f16?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2025-22699
+ metadata:
+ fofa-query: "wp-content/plugins/traveler-code/"
+ google-query: inurl:"/wp-content/plugins/traveler-code/"
+ shodan-query: 'vuln:CVE-2025-22699'
+ tags: cve,wordpress,wp-plugin,traveler-code,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/traveler-code/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "traveler-code"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22700-77142fa7ae8b18c0441e65fa94114190.yaml b/nuclei-templates/2025/CVE-2025-22700-77142fa7ae8b18c0441e65fa94114190.yaml
new file mode 100644
index 0000000000..3b9807fa2e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22700-77142fa7ae8b18c0441e65fa94114190.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22700-77142fa7ae8b18c0441e65fa94114190
+
+info:
+ name: >
+ Traveler Code <= 3.1.0 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Traveler Code plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/28477bd5-a55f-4763-b7f2-86b0d9c92fd8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-22700
+ metadata:
+ fofa-query: "wp-content/plugins/traveler-code/"
+ google-query: inurl:"/wp-content/plugins/traveler-code/"
+ shodan-query: 'vuln:CVE-2025-22700'
+ tags: cve,wordpress,wp-plugin,traveler-code,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/traveler-code/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "traveler-code"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22701-72ebbbff40eac6eac439139f7a3ec6b1.yaml b/nuclei-templates/2025/CVE-2025-22701-72ebbbff40eac6eac439139f7a3ec6b1.yaml
new file mode 100644
index 0000000000..c7b87a4a1b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22701-72ebbbff40eac6eac439139f7a3ec6b1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22701-72ebbbff40eac6eac439139f7a3ec6b1
+
+info:
+ name: >
+ Traveler Layout Essential For Elementor <= 1.0.8 - Unauthenticated Server-Side Request Forgery
+ author: topscoder
+ severity: high
+ description: >
+ The traveler-layout-essential-for-elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b77e31cf-f5fd-4ae4-84bd-e92fe34690da?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2025-22701
+ metadata:
+ fofa-query: "wp-content/plugins/traveler-layout-essential-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/traveler-layout-essential-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22701'
+ tags: cve,wordpress,wp-plugin,traveler-layout-essential-for-elementor,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/traveler-layout-essential-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "traveler-layout-essential-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
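Review bot: Nothing in the template says that the match rests entirely on the `Stable tag` value read from `readme.txt`, so a hit means the advertised plugin version is `<= 1.0.8`, not that the request-forgery path is reachable. I would document that above `matchers:` with a comment such as `# Version-based detection only: compares the readme.txt Stable tag; confirm the installed version before treating a match as a finding`. The reverse case matters as well: a readme whose stable tag is not numeric (the regex accepts only `[0-9.]+`) or that the web server does not serve produces no match, so a clean result is not evidence that the plugin is patched or absent. The same applies to every template added in this diff.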
diff --git a/nuclei-templates/2025/CVE-2025-22703-27576975cc488d89c6ed0ddf846143da.yaml b/nuclei-templates/2025/CVE-2025-22703-27576975cc488d89c6ed0ddf846143da.yaml
new file mode 100644
index 0000000000..f1d3bdcb9c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22703-27576975cc488d89c6ed0ddf846143da.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22703-27576975cc488d89c6ed0ddf846143da
+
+info:
+ name: >
+ Forge – Front-End Page Builder <= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Forge – Front-End Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/adf5b377-f4b6-4859-a5a2-2cb8f61b7e81?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22703
+ metadata:
+ fofa-query: "wp-content/plugins/forge/"
+ google-query: inurl:"/wp-content/plugins/forge/"
+ shodan-query: 'vuln:CVE-2025-22703'
+ tags: cve,wordpress,wp-plugin,forge,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forge/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forge"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22704-2481e8445fb6dfe673ce6242b0f7acb6.yaml b/nuclei-templates/2025/CVE-2025-22704-2481e8445fb6dfe673ce6242b0f7acb6.yaml
new file mode 100644
index 0000000000..3a7a8aefee
--- /dev/null
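Review bot: The `word` matcher on `"forge"` does little to confirm that the response is this plugin's readme: it is a short, common string that unrelated body text can satisfy, and word matchers are case-sensitive by default, so it also depends on the lowercase form appearing somewhere in the file. Anchoring on the readme's title line would be tighter, for example a `regex` matcher on `(?mi)^=== .*Forge.* ===`, to be confirmed against the plugin's actual readme. The hyphenated slugs used by the other templates in this diff (`"wordpress-signature"`, `"my-tickets"`) carry the opposite risk: if the slug never appears in the readme text, the `and` condition fails and a vulnerable install is silently missed.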
+++ b/nuclei-templates/2025/CVE-2025-22704-2481e8445fb6dfe673ce6242b0f7acb6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22704-2481e8445fb6dfe673ce6242b0f7acb6
+
+info:
+ name: >
+ WordPress Signature <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WordPress Signature plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a217794b-9da3-4286-a851-79b33c6b7e99?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22704
+ metadata:
+ fofa-query: "wp-content/plugins/wordpress-signature/"
+ google-query: inurl:"/wp-content/plugins/wordpress-signature/"
+ shodan-query: 'vuln:CVE-2025-22704'
+ tags: cve,wordpress,wp-plugin,wordpress-signature,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wordpress-signature/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wordpress-signature"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1')
\ No newline at end of file
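Review bot: `redirects: true` in the `http` block follows redirects to any host, so the readme that gets matched can come from a different origin than the target named in the result. For a fixed-path readme check I would limit this to same-host redirects by using `host-redirects: true` in place of `redirects: true`, keeping `max-redirects: 3`. The same setting is repeated in every template added by this diff.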
diff --git a/nuclei-templates/2025/CVE-2025-22709-ebe6d53240045996955e1c8456c9903f.yaml b/nuclei-templates/2025/CVE-2025-22709-ebe6d53240045996955e1c8456c9903f.yaml new file mode 100644 index 0000000000..4e1e6d558e --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22709-ebe6d53240045996955e1c8456c9903f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22709-ebe6d53240045996955e1c8456c9903f + +info: + name: > + Verge3D <= 4.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Verge3D plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73913fc5-aee4-4613-9bd6-76e091227c2c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22709 + metadata: + fofa-query: "wp-content/plugins/verge3d/" + google-query: inurl:"/wp-content/plugins/verge3d/" + shodan-query: 'vuln:CVE-2025-22709' + tags: cve,wordpress,wp-plugin,verge3d,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/verge3d/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "verge3d" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22710-eb648d1eb5c588713ff0ada3a52137db.yaml b/nuclei-templates/2025/CVE-2025-22710-eb648d1eb5c588713ff0ada3a52137db.yaml new file mode 100644 index 0000000000..70081bb46c --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22710-eb648d1eb5c588713ff0ada3a52137db.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22710-eb648d1eb5c588713ff0ada3a52137db + +info: + name: > + Smart Manager <= 8.52.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The Smart Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.52.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9689a638-f7e5-4340-8a69-990fc2f6b9e5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-22710 + metadata: + fofa-query: "wp-content/plugins/smart-manager-for-wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/smart-manager-for-wp-e-commerce/" + shodan-query: 'vuln:CVE-2025-22710' + tags: cve,wordpress,wp-plugin,smart-manager-for-wp-e-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-manager-for-wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-manager-for-wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.52.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22711-b20781c1421d7b0bb81dd1c8e9deb3d8.yaml b/nuclei-templates/2025/CVE-2025-22711-b20781c1421d7b0bb81dd1c8e9deb3d8.yaml new file mode 100644 index 0000000000..2e1388f62f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22711-b20781c1421d7b0bb81dd1c8e9deb3d8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22711-b20781c1421d7b0bb81dd1c8e9deb3d8 + +info: + name: > + Image Source Control <= 2.29.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Image Source Control plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c80e2a84-fa77-49a8-b197-c258aba58537?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22711 + metadata: + fofa-query: "wp-content/plugins/image-source-control-isc/" + google-query: inurl:"/wp-content/plugins/image-source-control-isc/" + shodan-query: 'vuln:CVE-2025-22711' + tags: cve,wordpress,wp-plugin,image-source-control-isc,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-source-control-isc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-source-control-isc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.29.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22716-80b07661a5bc815724ec2a7b7424b99d.yaml b/nuclei-templates/2025/CVE-2025-22716-80b07661a5bc815724ec2a7b7424b99d.yaml new file mode 100644 index 0000000000..4ff8e67a52 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22716-80b07661a5bc815724ec2a7b7424b99d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22716-80b07661a5bc815724ec2a7b7424b99d + +info: + name: > + Taskbuilder <= 3.0.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + The Taskbuilder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47243ee1-42da-480c-94b8-bdebd8f9eac6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-22716 + metadata: + fofa-query: "wp-content/plugins/taskbuilder/" + google-query: inurl:"/wp-content/plugins/taskbuilder/" + shodan-query: 'vuln:CVE-2025-22716' + tags: cve,wordpress,wp-plugin,taskbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taskbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taskbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22717-e2aaa88cee2a0161b5c27aa80fc93eb9.yaml b/nuclei-templates/2025/CVE-2025-22717-e2aaa88cee2a0161b5c27aa80fc93eb9.yaml new file mode 100644 index 0000000000..ac4981174d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22717-e2aaa88cee2a0161b5c27aa80fc93eb9.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22717-e2aaa88cee2a0161b5c27aa80fc93eb9 + +info: + name: > + My Tickets <= 2.0.9 - Missing Authorization + author: topscoder + severity: high + description: > + The My Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mt_download_csv_event() function in versions up to, and including, 2.0.9. This makes it possible for unauthenticated attackers to download a CSV of events. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5027a662-f27c-4a76-88ac-7b9c2e7401e9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22717 + metadata: + fofa-query: "wp-content/plugins/my-tickets/" + google-query: inurl:"/wp-content/plugins/my-tickets/" + shodan-query: 'vuln:CVE-2025-22717' + tags: cve,wordpress,wp-plugin,my-tickets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22718-a9af186679d0c6093c33acda2c02b4b6.yaml b/nuclei-templates/2025/CVE-2025-22718-a9af186679d0c6093c33acda2c02b4b6.yaml new file mode 100644 index 0000000000..9b49933e77 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22718-a9af186679d0c6093c33acda2c02b4b6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22718-a9af186679d0c6093c33acda2c02b4b6 + +info: + name: > + FAT Event Lite <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The FAT Event Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11807042-be3c-4780-bb47-ecc54aead5f2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22718 + metadata: + fofa-query: "wp-content/plugins/fat-event-lite/" + google-query: inurl:"/wp-content/plugins/fat-event-lite/" + shodan-query: 'vuln:CVE-2025-22718' + tags: cve,wordpress,wp-plugin,fat-event-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fat-event-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fat-event-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22719-ff65aaeb75e18cd1bcc955b1401bf4e4.yaml b/nuclei-templates/2025/CVE-2025-22719-ff65aaeb75e18cd1bcc955b1401bf4e4.yaml new file mode 100644 index 0000000000..a3fe80c264 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22719-ff65aaeb75e18cd1bcc955b1401bf4e4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22719-ff65aaeb75e18cd1bcc955b1401bf4e4 + +info: + name: > + VikAppointments Services Booking Calendar <= 1.2.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The VikAppointments Services Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on the executeRole() function. This makes it possible for unauthenticated attackers to configure plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62cc4e29-f87e-40e7-8ae0-14a7d3bff462?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22719 + metadata: + fofa-query: "wp-content/plugins/vikappointments/" + google-query: inurl:"/wp-content/plugins/vikappointments/" + shodan-query: 'vuln:CVE-2025-22719' + tags: cve,wordpress,wp-plugin,vikappointments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikappointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikappointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.16') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22721-f63fe633ee61772a9d3621da0d20072b.yaml b/nuclei-templates/2025/CVE-2025-22721-f63fe633ee61772a9d3621da0d20072b.yaml new file mode 100644 index 0000000000..8dd95de49f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22721-f63fe633ee61772a9d3621da0d20072b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22721-f63fe633ee61772a9d3621da0d20072b + +info: + name: > + ApplyOnline – Application Form Builder and Manager <= 2.6.7.1 - Missing Authorization + author: topscoder + severity: low + description: > + The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the template_form_callback() function in versions up to, and including, 2.6.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to render templates. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e23739b7-be36-441d-9b73-f51a0184a465?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22721 + metadata: + fofa-query: "wp-content/plugins/apply-online/" + google-query: inurl:"/wp-content/plugins/apply-online/" + shodan-query: 'vuln:CVE-2025-22721' + tags: cve,wordpress,wp-plugin,apply-online,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22722-3533450f96534d2e168c0c817528bfa8.yaml b/nuclei-templates/2025/CVE-2025-22722-3533450f96534d2e168c0c817528bfa8.yaml new file mode 100644 index 0000000000..6cea3c4d91 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22722-3533450f96534d2e168c0c817528bfa8.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22722-3533450f96534d2e168c0c817528bfa8 + +info: + name: > + Widget Options <= 4.0.8 - Missing Authorization to Notice Dismissal + author: topscoder + severity: low + description: > + The Widget Options plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the widgetopts_ajax_hide_rating() function in versions up to, and including, 4.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss a ratings notice. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b571c8-d414-4566-a24c-e70fd1740256?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22722 + metadata: + fofa-query: "wp-content/plugins/widget-options/" + google-query: inurl:"/wp-content/plugins/widget-options/" + shodan-query: 'vuln:CVE-2025-22722' + tags: cve,wordpress,wp-plugin,widget-options,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22723-b57a5dbdc8543b05d7423885c5c3442c.yaml b/nuclei-templates/2025/CVE-2025-22723-b57a5dbdc8543b05d7423885c5c3442c.yaml new file mode 100644 index 0000000000..53947b6f45 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22723-b57a5dbdc8543b05d7423885c5c3442c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22723-b57a5dbdc8543b05d7423885c5c3442c + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.6.7 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.6.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf3c2031-06c7-42c9-a099-a798dc0cc3d0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2025-22723 + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:CVE-2025-22723' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - 
compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22724-bc1e3d0758b872cdf0032598fb966543.yaml b/nuclei-templates/2025/CVE-2025-22724-bc1e3d0758b872cdf0032598fb966543.yaml new file mode 100644 index 0000000000..eca4c358ff --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22724-bc1e3d0758b872cdf0032598fb966543.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22724-bc1e3d0758b872cdf0032598fb966543 + +info: + name: > + Product Carousel For WooCommerce – WoorouSell <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Product Carousel For WooCommerce – WoorouSell plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ccf0e70-7e0e-4efc-879a-cda883c6394e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22724 + metadata: + fofa-query: "wp-content/plugins/woorousell/" + google-query: inurl:"/wp-content/plugins/woorousell/" + shodan-query: 'vuln:CVE-2025-22724' + tags: cve,wordpress,wp-plugin,woorousell,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woorousell/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woorousell" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22727-d829103cb2db0c978b3fff453e1d86a2.yaml b/nuclei-templates/2025/CVE-2025-22727-d829103cb2db0c978b3fff453e1d86a2.yaml new file mode 100644 index 0000000000..652683b174 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22727-d829103cb2db0c978b3fff453e1d86a2.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22727-d829103cb2db0c978b3fff453e1d86a2 + +info: + name: > + MailChimp Subscribe Forms <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The MailChimp Subscribe Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94c3e857-6e5b-4f1f-8ebb-fee439541beb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22727 + metadata: + fofa-query: "wp-content/plugins/mailchimp-subscribe-sm/" + google-query: inurl:"/wp-content/plugins/mailchimp-subscribe-sm/" + shodan-query: 'vuln:CVE-2025-22727' + tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-subscribe-sm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-subscribe-sm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22729-46ef3fd20f0ee95d9bebb62fc3cff3bc.yaml b/nuclei-templates/2025/CVE-2025-22729-46ef3fd20f0ee95d9bebb62fc3cff3bc.yaml new file mode 100644 index 0000000000..bf9dc586c0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22729-46ef3fd20f0ee95d9bebb62fc3cff3bc.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22729-46ef3fd20f0ee95d9bebb62fc3cff3bc + +info: + name: > + VOD Infomaniak <= 1.5.9 - Missing Authorization + author: topscoder + severity: low + description: > + The VOD Infomaniak plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importPostVideoDispo() and importPostVideoEnding() functions in versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to import videos. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a47b096-43c8-4fc4-9fe1-0afa311a420c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22729 + metadata: + fofa-query: "wp-content/plugins/vod-infomaniak/" + google-query: inurl:"/wp-content/plugins/vod-infomaniak/" + shodan-query: 'vuln:CVE-2025-22729' + tags: cve,wordpress,wp-plugin,vod-infomaniak,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vod-infomaniak/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vod-infomaniak" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22731-d03b08411c616e626ecef2f987cef481.yaml b/nuclei-templates/2025/CVE-2025-22731-d03b08411c616e626ecef2f987cef481.yaml new file mode 100644 index 0000000000..4b282835c6 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22731-d03b08411c616e626ecef2f987cef481.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22731-d03b08411c616e626ecef2f987cef481 + +info: + name: > + Build Private Store For Woocommerce <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Build Private Store For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3861776a-be47-44e4-84b5-b3c31856e162?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22731 + metadata: + fofa-query: "wp-content/plugins/build-private-store-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/build-private-store-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-22731' + tags: cve,wordpress,wp-plugin,build-private-store-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/build-private-store-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "build-private-store-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
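Review bot: `redirects: true` with `max-redirects: 3` allows the request to follow a redirect off the scanned host, so the `readme.txt` that feeds the `version` extractor can come from a different site than `{{BaseURL}}`. The finding is then reported against a target that was never actually inspected. Nuclei's `host-redirects: true` follows redirects only on the same host; I would use it in place of `redirects: true` and keep `max-redirects: 3`. Every other template added in this diff carries the same request block.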
diff --git a/nuclei-templates/2025/CVE-2025-22732-ff9d0322e6bc44a3e76f79985ce5d9eb.yaml b/nuclei-templates/2025/CVE-2025-22732-ff9d0322e6bc44a3e76f79985ce5d9eb.yaml new file mode 100644 index 0000000000..ff40b03292 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22732-ff9d0322e6bc44a3e76f79985ce5d9eb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22732-ff9d0322e6bc44a3e76f79985ce5d9eb + +info: + name: > + Ad Blocking Detector <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Ad Blocking Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd87f789-dd71-4274-a836-e9af230161e5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22732 + metadata: + fofa-query: "wp-content/plugins/ad-blocking-detector/" + google-query: inurl:"/wp-content/plugins/ad-blocking-detector/" + shodan-query: 'vuln:CVE-2025-22732' + tags: cve,wordpress,wp-plugin,ad-blocking-detector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-blocking-detector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-blocking-detector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22733-1937fc6f24904007f542be2602bf471a.yaml b/nuclei-templates/2025/CVE-2025-22733-1937fc6f24904007f542be2602bf471a.yaml new file mode 100644 index 0000000000..25f2c48d56 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22733-1937fc6f24904007f542be2602bf471a.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22733-1937fc6f24904007f542be2602bf471a + +info: + name: > + My auctions allegro <= 3.6.18 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28a9c2ba-7667-4601-8808-7258af69a432?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22733 + metadata: + fofa-query: "wp-content/plugins/my-auctions-allegro-free-edition/" + google-query: inurl:"/wp-content/plugins/my-auctions-allegro-free-edition/" + shodan-query: 'vuln:CVE-2025-22733' + tags: cve,wordpress,wp-plugin,my-auctions-allegro-free-edition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-auctions-allegro-free-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-auctions-allegro-free-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.18') \ No newline at end of file 
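Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` requires exactly one space after the colon and is not anchored to the start of a line. A readme that pads the header with extra spaces or a tab yields no `version`, the `compare_versions(version, '<= 3.6.18')` matcher then fails, and an affected install is silently missed. I would write both extractors as `- '(?mi)^Stable tag:[ \t]*([0-9][0-9.]*)'`, single-quoted so the backslash reaches the regex engine unchanged; this also stops a lone `.` from being captured as a version. The same pattern is used in every template added in this diff.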
diff --git a/nuclei-templates/2025/CVE-2025-22734-e221d1a3a1e85517f303694ba529802e.yaml b/nuclei-templates/2025/CVE-2025-22734-e221d1a3a1e85517f303694ba529802e.yaml new file mode 100644 index 0000000000..0df9186514 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22734-e221d1a3a1e85517f303694ba529802e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22734-e221d1a3a1e85517f303694ba529802e + +info: + name: > + Posts Footer Manager <= 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Posts Footer Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6913ae56-e8a2-40df-ae99-b1957193ccbe?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-22734 + metadata: + fofa-query: "wp-content/plugins/intelly-posts-footer-manager/" + google-query: inurl:"/wp-content/plugins/intelly-posts-footer-manager/" + shodan-query: 'vuln:CVE-2025-22734' + tags: cve,wordpress,wp-plugin,intelly-posts-footer-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intelly-posts-footer-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intelly-posts-footer-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file 
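Review bot: Nothing in `matchers` tests the precondition stated in the description, which limits the issue to multi-site installations and sites where unfiltered_html has been disabled. The template therefore reports every install whose readme declares a version at or below 2.1.0, including default single-site setups that the description itself excludes. As the check cannot see that configuration, I would document the limit with a comment above `matchers-condition: and`, for example `# version check only: affected only on multisite or when unfiltered_html is disabled`. CVE-2025-22738 later in this diff states the same precondition and needs the same comment.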
diff --git a/nuclei-templates/2025/CVE-2025-22736-0b3f50d09428168ec0e88e0296799e19.yaml b/nuclei-templates/2025/CVE-2025-22736-0b3f50d09428168ec0e88e0296799e19.yaml new file mode 100644 index 0000000000..d4ccf0b840 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22736-0b3f50d09428168ec0e88e0296799e19.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22736-0b3f50d09428168ec0e88e0296799e19 + +info: + name: > + User Management <= 1.2 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + The User Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac23cd7d-193d-4fa1-8c1c-79ca92da98d7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-22736 + metadata: + fofa-query: "wp-content/plugins/user-management/" + google-query: inurl:"/wp-content/plugins/user-management/" + shodan-query: 'vuln:CVE-2025-22736' + tags: cve,wordpress,wp-plugin,user-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22737-9fb287a9616321ab7d5a1e9e87643b24.yaml b/nuclei-templates/2025/CVE-2025-22737-9fb287a9616321ab7d5a1e9e87643b24.yaml new file mode 100644 index 0000000000..6fb8408107 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22737-9fb287a9616321ab7d5a1e9e87643b24.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22737-9fb287a9616321ab7d5a1e9e87643b24 + +info: + name: > + WpTravelly <= 1.8.5 - Missing Authorization + author: topscoder + severity: high + description: > + The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform actions like updating plugin settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1b3430b-c502-47f9-bbca-69da1545d221?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22737 + metadata: + fofa-query: "wp-content/plugins/tour-booking-manager/" + google-query: inurl:"/wp-content/plugins/tour-booking-manager/" + shodan-query: 'vuln:CVE-2025-22737' + tags: cve,wordpress,wp-plugin,tour-booking-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tour-booking-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tour-booking-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22738-bfd7b9430a5cea6e925edb7850442515.yaml b/nuclei-templates/2025/CVE-2025-22738-bfd7b9430a5cea6e925edb7850442515.yaml new file mode 100644 index 0000000000..2c6ca72a77 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22738-bfd7b9430a5cea6e925edb7850442515.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22738-bfd7b9430a5cea6e925edb7850442515 + +info: + name: > + WP ULike <= 4.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cff3bfae-bda7-4ab1-b6f5-11bd0dfd75b8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-22738 + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:CVE-2025-22738' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22742-a9432a687c2e22ad13a0aa4ce79e3193.yaml b/nuclei-templates/2025/CVE-2025-22742-a9432a687c2e22ad13a0aa4ce79e3193.yaml new file mode 100644 index 0000000000..ce91d77005 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22742-a9432a687c2e22ad13a0aa4ce79e3193.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22742-a9432a687c2e22ad13a0aa4ce79e3193 + +info: + name: > + WP ViewSTL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/514a393e-840e-4afb-90fc-a66927624a00?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22742 + metadata: + fofa-query: "wp-content/plugins/wp-viewstl/" + google-query: inurl:"/wp-content/plugins/wp-viewstl/" + shodan-query: 'vuln:CVE-2025-22742' + tags: cve,wordpress,wp-plugin,wp-viewstl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-viewstl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-viewstl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22743-aaa7a8a287fe913e1ad8c52c637ff9e8.yaml b/nuclei-templates/2025/CVE-2025-22743-aaa7a8a287fe913e1ad8c52c637ff9e8.yaml new file mode 100644 index 0000000000..d25145e2af 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22743-aaa7a8a287fe913e1ad8c52c637ff9e8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22743-aaa7a8a287fe913e1ad8c52c637ff9e8 + +info: + name: > + Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Twitter Bootstrap Collapse aka Accordian Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2961d6ef-f039-45dd-b47e-8b85c409668c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22743 + metadata: + fofa-query: "wp-content/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/" + google-query: inurl:"/wp-content/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/" + shodan-query: 'vuln:CVE-2025-22743' + tags: cve,wordpress,wp-plugin,twitter-bootstrap-collapse-aka-accordian-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-bootstrap-collapse-aka-accordian-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22744-3ca70f6091d85a7fe1f83a727201b257.yaml b/nuclei-templates/2025/CVE-2025-22744-3ca70f6091d85a7fe1f83a727201b257.yaml new file mode 100644 index 0000000000..afad3cdfb2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22744-3ca70f6091d85a7fe1f83a727201b257.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22744-3ca70f6091d85a7fe1f83a727201b257 + +info: + name: > + S-DEV SEO <= 1.88 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The S-DEV SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.88 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0da2b93-84c6-4228-868f-0c5bfa1e0cf4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22744 + metadata: + fofa-query: "wp-content/plugins/s-dev-seo/" + google-query: inurl:"/wp-content/plugins/s-dev-seo/" + shodan-query: 'vuln:CVE-2025-22744' + tags: cve,wordpress,wp-plugin,s-dev-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s-dev-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s-dev-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.88') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22745-40c19ec0f44c36eaf67129e91e514bb7.yaml b/nuclei-templates/2025/CVE-2025-22745-40c19ec0f44c36eaf67129e91e514bb7.yaml new file mode 100644 index 0000000000..c75c13038b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22745-40c19ec0f44c36eaf67129e91e514bb7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22745-40c19ec0f44c36eaf67129e91e514bb7 + +info: + name: > + Navigation Du Lapin Blanc <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Navigation Du Lapin Blanc plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e997974c-733c-4c98-9de5-876681194bdd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22745 + metadata: + fofa-query: "wp-content/plugins/navigation-du-lapin-blanc/" + google-query: inurl:"/wp-content/plugins/navigation-du-lapin-blanc/" + shodan-query: 'vuln:CVE-2025-22745' + tags: cve,wordpress,wp-plugin,navigation-du-lapin-blanc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navigation-du-lapin-blanc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navigation-du-lapin-blanc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22746-dc0ee2ac65c3fa457e913e00474be5f2.yaml b/nuclei-templates/2025/CVE-2025-22746-dc0ee2ac65c3fa457e913e00474be5f2.yaml new file mode 100644 index 0000000000..be0fdc0189 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22746-dc0ee2ac65c3fa457e913e00474be5f2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22746-dc0ee2ac65c3fa457e913e00474be5f2 + +info: + name: > + HireHive Job Plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The HireHive Job Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b065dbe-2218-4599-8c9c-a4b9b6097ec0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22746 + metadata: + fofa-query: "wp-content/plugins/zartis-job-plugin/" + google-query: inurl:"/wp-content/plugins/zartis-job-plugin/" + shodan-query: 'vuln:CVE-2025-22746' + tags: cve,wordpress,wp-plugin,zartis-job-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zartis-job-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zartis-job-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22747-3c7b5e9430106559649bedf0abac8ebb.yaml b/nuclei-templates/2025/CVE-2025-22747-3c7b5e9430106559649bedf0abac8ebb.yaml new file mode 100644 index 0000000000..cd42d649ea --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22747-3c7b5e9430106559649bedf0abac8ebb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22747-3c7b5e9430106559649bedf0abac8ebb + +info: + name: > + Foundation Columns <= 0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Foundation Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d222e8-adbc-4217-a820-e9196521fd03?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22747 + metadata: + fofa-query: "wp-content/plugins/foundation-columns/" + google-query: inurl:"/wp-content/plugins/foundation-columns/" + shodan-query: 'vuln:CVE-2025-22747' + tags: cve,wordpress,wp-plugin,foundation-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foundation-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foundation-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22748-2e5ebcb580dc62850a8c535d0220ca65.yaml b/nuclei-templates/2025/CVE-2025-22748-2e5ebcb580dc62850a8c535d0220ca65.yaml new file mode 100644 index 0000000000..3029063255 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22748-2e5ebcb580dc62850a8c535d0220ca65.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22748-2e5ebcb580dc62850a8c535d0220ca65 + +info: + name: > + SetMore Theme – Custom Post Types <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The SetMore Theme – Custom Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/800c55b1-7d1f-4525-a4c3-8da5b69355fb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22748 + metadata: + fofa-query: "wp-content/plugins/service-provider-profile-cpt/" + google-query: inurl:"/wp-content/plugins/service-provider-profile-cpt/" + shodan-query: 'vuln:CVE-2025-22748' + tags: cve,wordpress,wp-plugin,service-provider-profile-cpt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/service-provider-profile-cpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "service-provider-profile-cpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22749-a81839527b5d9c5ad3576956c1929c82.yaml b/nuclei-templates/2025/CVE-2025-22749-a81839527b5d9c5ad3576956c1929c82.yaml new file mode 100644 index 0000000000..3c1412fcb7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22749-a81839527b5d9c5ad3576956c1929c82.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22749-a81839527b5d9c5ad3576956c1929c82
+
+info:
+ name: >
+ Social Media Engine <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Social Media Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e413fbfd-fc09-4b84-a8b9-231434e0681b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22749
+ metadata:
+ fofa-query: "wp-content/plugins/social-media-engine/"
+ google-query: inurl:"/wp-content/plugins/social-media-engine/"
+ shodan-query: 'vuln:CVE-2025-22749'
+ tags: cve,wordpress,wp-plugin,social-media-engine,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/social-media-engine/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "social-media-engine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22750-b4f5bb907f8ea7723e9f4005fc2793b1.yaml b/nuclei-templates/2025/CVE-2025-22750-b4f5bb907f8ea7723e9f4005fc2793b1.yaml
new file mode 100644
index 0000000000..35dacaf599
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22750-b4f5bb907f8ea7723e9f4005fc2793b1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22750-b4f5bb907f8ea7723e9f4005fc2793b1
+
+info:
+ name: >
+ Post Carousel & Slider <= 1.0.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Post Carousel & Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/45ee8b10-6758-45c8-835e-197ad6a9284a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22750
+ metadata:
+ fofa-query: "wp-content/plugins/post-types-carousel-slider/"
+ google-query: inurl:"/wp-content/plugins/post-types-carousel-slider/"
+ shodan-query: 'vuln:CVE-2025-22750'
+ tags: cve,wordpress,wp-plugin,post-types-carousel-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-types-carousel-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-types-carousel-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
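Review bot: A match from this template means only that readme.txt declares a `Stable tag` of 1.0.4 or lower; nothing in the request exercises the reflected XSS, and the stable tag is whatever the plugin author wrote, which may lag the installed code. I would say so where the result is produced, with a comment above the dsl matcher such as `# version fingerprint from readme.txt only; confirm the installed plugin version before triage`. The two extractors are also identical apart from `internal: true`, so a one-line comment on why both are kept (presumably one feeds the dsl matcher and one prints the version) would help the next reader. Every other new template in this commit follows the same pattern.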
diff --git a/nuclei-templates/2025/CVE-2025-22751-0776da6bcf6ca908a9c12d803e8569e3.yaml b/nuclei-templates/2025/CVE-2025-22751-0776da6bcf6ca908a9c12d803e8569e3.yaml
new file mode 100644
index 0000000000..e01810face
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22751-0776da6bcf6ca908a9c12d803e8569e3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22751-0776da6bcf6ca908a9c12d803e8569e3
+
+info:
+ name: >
+ Partners <= 0.2.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Partners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/36dbe59e-b368-42f1-b72b-54123de43434?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22751
+ metadata:
+ fofa-query: "wp-content/plugins/partners/"
+ google-query: inurl:"/wp-content/plugins/partners/"
+ shodan-query: 'vuln:CVE-2025-22751'
+ tags: cve,wordpress,wp-plugin,partners,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/partners/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "partners"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.0')
\ No newline at end of file
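Review bot: The word matcher `- "partners"` is an ordinary English word, so it adds almost no assurance that the response is this plugin's readme, and with `redirects: true` the body under test can be whatever page the request was redirected to. For a static file I would not follow redirects at all (`redirects: false`, dropping `max-redirects: 3`), or at least keep them on the target with `host-redirects: true`, so the status, word and version checks all describe the requested path. A more specific word, such as the plugin's readme title line, would be better still, but I cannot tell from the hunk what that line is.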
diff --git a/nuclei-templates/2025/CVE-2025-22752-47dafc929e123be090778df17d9b4f7d.yaml b/nuclei-templates/2025/CVE-2025-22752-47dafc929e123be090778df17d9b4f7d.yaml
new file mode 100644
index 0000000000..1a20f6c056
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22752-47dafc929e123be090778df17d9b4f7d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22752-47dafc929e123be090778df17d9b4f7d
+
+info:
+ name: >
+ GSheetConnector for Forminator Forms <= 1.0.11 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The GSheetConnector for Forminator Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d2e351-6ee2-4865-b1d2-909e76e1ecb5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22752
+ metadata:
+ fofa-query: "wp-content/plugins/gsheetconnector-forminator/"
+ google-query: inurl:"/wp-content/plugins/gsheetconnector-forminator/"
+ shodan-query: 'vuln:CVE-2025-22752'
+ tags: cve,wordpress,wp-plugin,gsheetconnector-forminator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gsheetconnector-forminator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gsheetconnector-forminator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.11')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22753-c40251744d533e771202651b8686f1d1.yaml b/nuclei-templates/2025/CVE-2025-22753-c40251744d533e771202651b8686f1d1.yaml
new file mode 100644
index 0000000000..3ef0485c7a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22753-c40251744d533e771202651b8686f1d1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22753-c40251744d533e771202651b8686f1d1
+
+info:
+ name: >
+ turboSMTP <= 4.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e031dbef-1f7a-4c17-803a-fd467978d7f3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22753
+ metadata:
+ fofa-query: "wp-content/plugins/turbosmtp/"
+ google-query: inurl:"/wp-content/plugins/turbosmtp/"
+ shodan-query: 'vuln:CVE-2025-22753'
+ tags: cve,wordpress,wp-plugin,turbosmtp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/turbosmtp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "turbosmtp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22754-ed7f2bdcd6a1211d0e953528e81f1669.yaml b/nuclei-templates/2025/CVE-2025-22754-ed7f2bdcd6a1211d0e953528e81f1669.yaml
new file mode 100644
index 0000000000..43ffdac3c3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22754-ed7f2bdcd6a1211d0e953528e81f1669.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22754-ed7f2bdcd6a1211d0e953528e81f1669
+
+info:
+ name: >
+ Amber <= 1.4.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Amber plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ed7387-34e2-4cf0-926b-e5c2ef4222cd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22754
+ metadata:
+ fofa-query: "wp-content/plugins/amberlink/"
+ google-query: inurl:"/wp-content/plugins/amberlink/"
+ shodan-query: 'vuln:CVE-2025-22754'
+ tags: cve,wordpress,wp-plugin,amberlink,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/amberlink/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "amberlink"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22755-ebbe756965cb6d94924bc2581f711795.yaml b/nuclei-templates/2025/CVE-2025-22755-ebbe756965cb6d94924bc2581f711795.yaml
new file mode 100644
index 0000000000..e11eddcf86
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22755-ebbe756965cb6d94924bc2581f711795.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22755-ebbe756965cb6d94924bc2581f711795
+
+info:
+ name: >
+ WP Headmaster <= 0.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Headmaster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/16b5ad20-a264-49fa-aafc-e137ac0d81fa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22755
+ metadata:
+ fofa-query: "wp-content/plugins/wp-headmaster/"
+ google-query: inurl:"/wp-content/plugins/wp-headmaster/"
+ shodan-query: 'vuln:CVE-2025-22755'
+ tags: cve,wordpress,wp-plugin,wp-headmaster,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-headmaster/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-headmaster"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22758-62aa793d1912c858ac76bbf8749665b3.yaml b/nuclei-templates/2025/CVE-2025-22758-62aa793d1912c858ac76bbf8749665b3.yaml
new file mode 100644
index 0000000000..366820350c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22758-62aa793d1912c858ac76bbf8749665b3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22758-62aa793d1912c858ac76bbf8749665b3
+
+info:
+ name: >
+ Elementor AI Addons <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor AI Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53ad0496-a484-48e4-aa17-29d63e1a47e1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22758
+ metadata:
+ fofa-query: "wp-content/plugins/ai-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/ai-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22758'
+ tags: cve,wordpress,wp-plugin,ai-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ai-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ai-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22759-3a66c728d0f5b5bfd7646a6a816d4051.yaml b/nuclei-templates/2025/CVE-2025-22759-3a66c728d0f5b5bfd7646a6a816d4051.yaml
new file mode 100644
index 0000000000..85cc87ed43
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22759-3a66c728d0f5b5bfd7646a6a816d4051.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22759-3a66c728d0f5b5bfd7646a6a816d4051
+
+info:
+ name: >
+ Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.27.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1c89ce7-82d8-42e9-9608-cc77cb9c41d6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22759
+ metadata:
+ fofa-query: "wp-content/plugins/post-and-page-builder/"
+ google-query: inurl:"/wp-content/plugins/post-and-page-builder/"
+ shodan-query: 'vuln:CVE-2025-22759'
+ tags: cve,wordpress,wp-plugin,post-and-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-and-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-and-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.27.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22760-15faaeee1f3edc78288e0a7d405b2855.yaml b/nuclei-templates/2025/CVE-2025-22760-15faaeee1f3edc78288e0a7d405b2855.yaml
new file mode 100644
index 0000000000..9f297cc723
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22760-15faaeee1f3edc78288e0a7d405b2855.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22760-15faaeee1f3edc78288e0a7d405b2855
+
+info:
+ name: >
+ CodeBard Help Desk <= 1.1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The CodeBard Help Desk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e99d5841-9fd0-451f-b6fe-bac0851f4aaf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22760
+ metadata:
+ fofa-query: "wp-content/plugins/codebard-help-desk/"
+ google-query: inurl:"/wp-content/plugins/codebard-help-desk/"
+ shodan-query: 'vuln:CVE-2025-22760'
+ tags: cve,wordpress,wp-plugin,codebard-help-desk,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/codebard-help-desk/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "codebard-help-desk"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22761-4d28502eb5afb06f40eea744921873c6.yaml b/nuclei-templates/2025/CVE-2025-22761-4d28502eb5afb06f40eea744921873c6.yaml
new file mode 100644
index 0000000000..c8179b73f4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22761-4d28502eb5afb06f40eea744921873c6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22761-4d28502eb5afb06f40eea744921873c6
+
+info:
+ name: >
+ Ajax Contact Form <= 1.2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Ajax Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1451e291-f25a-4402-a613-c94330e4bf05?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22761
+ metadata:
+ fofa-query: "wp-content/plugins/fws-ajax-contact-form/"
+ google-query: inurl:"/wp-content/plugins/fws-ajax-contact-form/"
+ shodan-query: 'vuln:CVE-2025-22761'
+ tags: cve,wordpress,wp-plugin,fws-ajax-contact-form,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fws-ajax-contact-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fws-ajax-contact-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22762-51b65cb3613308ec5e35066c7f6c746a.yaml b/nuclei-templates/2025/CVE-2025-22762-51b65cb3613308ec5e35066c7f6c746a.yaml
new file mode 100644
index 0000000000..c20d52bd95
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22762-51b65cb3613308ec5e35066c7f6c746a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22762-51b65cb3613308ec5e35066c7f6c746a
+
+info:
+ name: >
+ WordPress HelpDesk & Support Ticket System Plugin – Octrace Support <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress HelpDesk & Support Ticket System Plugin – Octrace Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f83e62e-0a6f-4d95-93c4-552d59245552?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-22762
+ metadata:
+ fofa-query: "wp-content/plugins/octrace-support/"
+ google-query: inurl:"/wp-content/plugins/octrace-support/"
+ shodan-query: 'vuln:CVE-2025-22762'
+ tags: cve,wordpress,wp-plugin,octrace-support,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/octrace-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "octrace-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
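Review bot: The description limits this issue to administrator accounts on multi-site installations or sites where `unfiltered_html` is disabled, but the matchers fire on any site whose readme reports version 1.2.7 or lower. That precondition cannot be observed by this request, so I would surface it in the result, for instance by appending `(multisite / unfiltered_html disabled only)` to `name`. A match then reads as "possibly affected" and not as a confirmed finding.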
diff --git a/nuclei-templates/2025/CVE-2025-22763-39f931bc2e41f66829745858b1a8d1c5.yaml b/nuclei-templates/2025/CVE-2025-22763-39f931bc2e41f66829745858b1a8d1c5.yaml
new file mode 100644
index 0000000000..11797cc856
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22763-39f931bc2e41f66829745858b1a8d1c5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22763-39f931bc2e41f66829745858b1a8d1c5
+
+info:
+ name: >
+ Brizy Pro <= 2.6.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Brizy Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/463c11ba-f307-4ab5-8de7-09f3a113cddd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22763
+ metadata:
+ fofa-query: "wp-content/plugins/brizy-pro/"
+ google-query: inurl:"/wp-content/plugins/brizy-pro/"
+ shodan-query: 'vuln:CVE-2025-22763'
+ tags: cve,wordpress,wp-plugin,brizy-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/brizy-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "brizy-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22764-0f1831a46004a4f8f7139bd70a503b78.yaml b/nuclei-templates/2025/CVE-2025-22764-0f1831a46004a4f8f7139bd70a503b78.yaml
new file mode 100644
index 0000000000..c77205d878
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22764-0f1831a46004a4f8f7139bd70a503b78.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-22764-0f1831a46004a4f8f7139bd70a503b78 + +info: + name: > + WP Post Corrector <= 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Post Corrector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b2fa6c3-8a5d-47ad-9b6b-3ed0ba322a49?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22764 + metadata: + fofa-query: "wp-content/plugins/wp-post-corrector/" + google-query: inurl:"/wp-content/plugins/wp-post-corrector/" + shodan-query: 'vuln:CVE-2025-22764' + tags: cve,wordpress,wp-plugin,wp-post-corrector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-corrector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-corrector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22765-98f13956a2890d753a05b737023ad324.yaml b/nuclei-templates/2025/CVE-2025-22765-98f13956a2890d753a05b737023ad324.yaml new file mode 100644 index 0000000000..d0f54b911c --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22765-98f13956a2890d753a05b737023ad324.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22765-98f13956a2890d753a05b737023ad324 + +info: + name: > + WP Order By <= 1.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Order By plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/618e7cb5-82ce-4794-967f-1dbb1ef36bcc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22765 + metadata: + fofa-query: "wp-content/plugins/wp-order-by/" + google-query: inurl:"/wp-content/plugins/wp-order-by/" + shodan-query: 'vuln:CVE-2025-22765' + tags: cve,wordpress,wp-plugin,wp-order-by,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-order-by/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-order-by" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22766-26ee53fd9dc849a06286f331d18207b0.yaml b/nuclei-templates/2025/CVE-2025-22766-26ee53fd9dc849a06286f331d18207b0.yaml new file mode 100644 index 0000000000..0480ab4bee --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22766-26ee53fd9dc849a06286f331d18207b0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22766-26ee53fd9dc849a06286f331d18207b0 + +info: + name: > + Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Zarinpal Paid Download plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f857556-76fc-407a-8dd3-a248a566232a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22766 + metadata: + fofa-query: "wp-content/plugins/zarinpal-paid-downloads/" + google-query: inurl:"/wp-content/plugins/zarinpal-paid-downloads/" + shodan-query: 'vuln:CVE-2025-22766' + tags: cve,wordpress,wp-plugin,zarinpal-paid-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zarinpal-paid-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zarinpal-paid-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22769-6aa954b92bb88ccb08e5197ebe306313.yaml b/nuclei-templates/2025/CVE-2025-22769-6aa954b92bb88ccb08e5197ebe306313.yaml new file mode 100644 index 0000000000..0355377c4c --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22769-6aa954b92bb88ccb08e5197ebe306313.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22769-6aa954b92bb88ccb08e5197ebe306313 + +info: + name: > + Multifox <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Multifox theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/863c8d7f-106a-40e5-a679-a796225569ae?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22769 + metadata: + fofa-query: "wp-content/themes/multifox/" + google-query: inurl:"/wp-content/themes/multifox/" + shodan-query: 'vuln:CVE-2025-22769' + tags: cve,wordpress,wp-theme,multifox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/multifox/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multifox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file 
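Review bot: `severity: low` disagrees with `cvss-score: 6.4` in the same `info` block, which is in the medium band for CVSS 3.1, and the trailing `low` in `tags` repeats the label. A scan filtered or alerted on severity will rank this finding below what the vector says. The same mismatch shows in other templates in this diff: CVE-2025-22779 and CVE-2025-22787 (low, 4.3), CVE-2025-22780 and CVE-2025-22781 (low, 6.4), CVE-2025-22782 and CVE-2025-22786 (low, 8.8), CVE-2025-22784 (medium, 8.1), CVE-2025-22785 (critical, 7.5). If the label is meant to follow CVSS, this one becomes `severity: medium` with the tag changed to match. If it comes from a different rating, possibly one that discounts authenticated issues, a comment such as `# severity reflects <rating source>, not the CVSS base score` would stop readers from assuming the two agree.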
diff --git a/nuclei-templates/2025/CVE-2025-22770-d9298478029da69f1e4955826319ef48.yaml b/nuclei-templates/2025/CVE-2025-22770-d9298478029da69f1e4955826319ef48.yaml new file mode 100644 index 0000000000..ece85bdb11 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22770-d9298478029da69f1e4955826319ef48.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22770-d9298478029da69f1e4955826319ef48 + +info: + name: > + Envo Multipurpose <= 1.1.6 - Missing Authorization + author: topscoder + severity: low + description: > + The Envo Multipurpose theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e13df52d-17dc-471a-886c-f5a28e2d067e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 3.1 + cve-id: CVE-2025-22770 + metadata: + fofa-query: "wp-content/themes/envo-multipurpose/" + google-query: inurl:"/wp-content/themes/envo-multipurpose/" + shodan-query: 'vuln:CVE-2025-22770' + tags: cve,wordpress,wp-theme,envo-multipurpose,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/envo-multipurpose/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envo-multipurpose" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22773-f8f0b68e07e5db112dbfe4fae4ff92bd.yaml b/nuclei-templates/2025/CVE-2025-22773-f8f0b68e07e5db112dbfe4fae4ff92bd.yaml new file mode 100644 index 0000000000..024e437b63 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22773-f8f0b68e07e5db112dbfe4fae4ff92bd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22773-f8f0b68e07e5db112dbfe4fae4ff92bd + +info: + name: > + Htaccess File Editor <= 1.0.19 - Unauthenticated Information Exposure + author: topscoder + severity: medium + description: > + The Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.19 via the location of .htaccess file backups. This makes it possible for unauthenticated attackers to extract sensitive data that could be contained in .htaccess file backups. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ad275a2-c559-4a2f-8f82-646cb75285a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-22773 + metadata: + fofa-query: "wp-content/plugins/htaccess-file-editor/" + google-query: inurl:"/wp-content/plugins/htaccess-file-editor/" + shodan-query: 'vuln:CVE-2025-22773' + tags: cve,wordpress,wp-plugin,htaccess-file-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/htaccess-file-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "htaccess-file-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22776-38568dc2d5ceda1b2e3982904b6bf682.yaml b/nuclei-templates/2025/CVE-2025-22776-38568dc2d5ceda1b2e3982904b6bf682.yaml new file mode 100644 index 0000000000..f3c1028d13 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22776-38568dc2d5ceda1b2e3982904b6bf682.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22776-38568dc2d5ceda1b2e3982904b6bf682 + +info: + name: > + WP Bulletin Board <= 1.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Bulletin Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e287fa29-07a7-4fbd-9bf2-c3eee8514a20?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22776 + metadata: + fofa-query: "wp-content/plugins/wp-bulletin-board/" + google-query: inurl:"/wp-content/plugins/wp-bulletin-board/" + shodan-query: 'vuln:CVE-2025-22776' + tags: cve,wordpress,wp-plugin,wp-bulletin-board,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bulletin-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bulletin-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22777-15ca195d7ea0f59aba874ecab7ec9f02.yaml b/nuclei-templates/2025/CVE-2025-22777-15ca195d7ea0f59aba874ecab7ec9f02.yaml new file mode 100644 index 0000000000..3dc26f5e1b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22777-15ca195d7ea0f59aba874ecab7ec9f02.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22777-15ca195d7ea0f59aba874ecab7ec9f02 + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 3.19.3 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.3 via deserialization of untrusted input from the donation form through the 'company' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this covers a bypass to the fix for CVE-2024-12877. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06a7ff0b-ec6b-490c-9bb0-fbb5c1c337c4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-22777 + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:CVE-2025-22777' + tags: cve,wordpress,wp-plugin,give,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.3') \ No newline at end of file 
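Review bot: The word matcher `- "give"` with `part: body` is an ordinary English word, so it adds almost no assurance that the fetched file is this plugin's readme. Any 200 response at that path that contains the word and a `Stable tag:` line at or below 3.19.3 satisfies all three matchers. Since the template is rated critical, a false positive here is costly for whoever triages it. A tighter anchor would help, for example `- "GiveWP"`, assuming the readme header carries the plugin name given in `info.name`. The slug-based word matchers in the other templates of this diff are specific enough not to need this.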
diff --git a/nuclei-templates/2025/CVE-2025-22778-e3228fe39ccf077b6c2dee95d78c8fe6.yaml b/nuclei-templates/2025/CVE-2025-22778-e3228fe39ccf077b6c2dee95d78c8fe6.yaml new file mode 100644 index 0000000000..ee9d76b912 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22778-e3228fe39ccf077b6c2dee95d78c8fe6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22778-e3228fe39ccf077b6c2dee95d78c8fe6 + +info: + name: > + Lijit Search <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Lijit Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0104d718-2b55-4d2e-93db-dcca7da2913d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22778 + metadata: + fofa-query: "wp-content/plugins/wp-lijit-wijit/" + google-query: inurl:"/wp-content/plugins/wp-lijit-wijit/" + shodan-query: 'vuln:CVE-2025-22778' + tags: cve,wordpress,wp-plugin,wp-lijit-wijit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lijit-wijit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lijit-wijit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22779-cb584c6f98cd3e281d4650a5457e569e.yaml b/nuclei-templates/2025/CVE-2025-22779-cb584c6f98cd3e281d4650a5457e569e.yaml new file mode 100644 index 0000000000..99f500f153 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22779-cb584c6f98cd3e281d4650a5457e569e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22779-cb584c6f98cd3e281d4650a5457e569e + +info: + name: > + WP News Sliders <= 1.0 - Missing Authorization + author: topscoder + severity: low + description: > + The WP News Sliders plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e8bf22a-a2bf-411a-89b6-ffd576b22c9f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22779 + metadata: + fofa-query: "wp-content/plugins/wp-news-sliders/" + google-query: inurl:"/wp-content/plugins/wp-news-sliders/" + shodan-query: 'vuln:CVE-2025-22779' + tags: cve,wordpress,wp-plugin,wp-news-sliders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-news-sliders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-news-sliders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22780-bb92c0a05c09116ce64335d53788d526.yaml b/nuclei-templates/2025/CVE-2025-22780-bb92c0a05c09116ce64335d53788d526.yaml new file mode 100644 index 0000000000..309784cd54 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22780-bb92c0a05c09116ce64335d53788d526.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22780-bb92c0a05c09116ce64335d53788d526 + +info: + name: > + wp-pano <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The wp-pano plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/228763ff-e6b0-4bba-b74f-50652e32c050?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22780 + metadata: + fofa-query: "wp-content/plugins/wp-pano/" + google-query: inurl:"/wp-content/plugins/wp-pano/" + shodan-query: 'vuln:CVE-2025-22780' + tags: cve,wordpress,wp-plugin,wp-pano,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pano/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pano" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22781-f613ca4db48255b5c730fac6b5b91cdc.yaml b/nuclei-templates/2025/CVE-2025-22781-f613ca4db48255b5c730fac6b5b91cdc.yaml new file mode 100644 index 0000000000..9d2c10c222 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22781-f613ca4db48255b5c730fac6b5b91cdc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22781-f613ca4db48255b5c730fac6b5b91cdc + +info: + name: > + Nativery <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Nativery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6077096a-297c-4f15-b52c-ae0532bfece3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22781 + metadata: + fofa-query: "wp-content/plugins/nativery/" + google-query: inurl:"/wp-content/plugins/nativery/" + shodan-query: 'vuln:CVE-2025-22781' + tags: cve,wordpress,wp-plugin,nativery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nativery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nativery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22782-096e6949d9cf917ddd4ce0674ad010a5.yaml b/nuclei-templates/2025/CVE-2025-22782-096e6949d9cf917ddd4ce0674ad010a5.yaml new file mode 100644 index 0000000000..a50c9542bc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22782-096e6949d9cf917ddd4ce0674ad010a5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22782-096e6949d9cf917ddd4ce0674ad010a5 + +info: + name: > + WR Price List Manager For Woocommerce <= 1.0.8 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The WR Price List Manager For Woocommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a56b177-3af4-46ee-93d8-f1a36115f43e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-22782 + metadata: + fofa-query: "wp-content/plugins/wr-price-list-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wr-price-list-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-22782' + tags: cve,wordpress,wp-plugin,wr-price-list-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wr-price-list-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wr-price-list-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22784-044be6ac1e9b937edf988099b1ab83a3.yaml b/nuclei-templates/2025/CVE-2025-22784-044be6ac1e9b937edf988099b1ab83a3.yaml new file mode 100644 index 0000000000..b946f1eb6f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22784-044be6ac1e9b937edf988099b1ab83a3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22784-044be6ac1e9b937edf988099b1ab83a3 + +info: + name: > + Background Control <= 1.0.5 - Cross-Site Request Forgery to Arbitrary File Deletion + author: topscoder + severity: medium + description: > + The Background Control plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b20a793a-82ff-41ba-95a2-3c3b4f98617d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2025-22784 + metadata: + fofa-query: "wp-content/plugins/background-control/" + google-query: inurl:"/wp-content/plugins/background-control/" + shodan-query: 'vuln:CVE-2025-22784' + tags: cve,wordpress,wp-plugin,background-control,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/background-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "background-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22785-8dcdb49d956a45f55368994af0462d47.yaml b/nuclei-templates/2025/CVE-2025-22785-8dcdb49d956a45f55368994af0462d47.yaml new file mode 100644 index 0000000000..728e2351d7 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22785-8dcdb49d956a45f55368994af0462d47.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22785-8dcdb49d956a45f55368994af0462d47 + +info: + name: > + Course Booking System <= 6.0.5 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Course Booking System plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a96f99ba-982b-4dac-a9ce-e75af85cd5d5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2025-22785 + metadata: + fofa-query: "wp-content/plugins/course-booking-system/" + google-query: inurl:"/wp-content/plugins/course-booking-system/" + shodan-query: 'vuln:CVE-2025-22785' + tags: cve,wordpress,wp-plugin,course-booking-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/course-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "course-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22786-c122ade27d522016d09ebcdfd11e22e3.yaml b/nuclei-templates/2025/CVE-2025-22786-c122ade27d522016d09ebcdfd11e22e3.yaml new file mode 100644 index 0000000000..62189ea68b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22786-c122ade27d522016d09ebcdfd11e22e3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22786-c122ade27d522016d09ebcdfd11e22e3 + +info: + name: > + ElementInvader Addons for Elementor <= 1.2.6 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c49f37f-62eb-40ce-9c9e-e7e8785fc114?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-22786 + metadata: + fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-22786' + tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementinvader-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file 
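Review bot: The only signal this template reads is the `Stable tag:` line of `readme.txt`, so a match means a release at or below 1.2.6 appears to be installed, not that the contributor-level file inclusion in `description` was confirmed. A comment above `http:` should say so, for example `# Version fingerprint only: reports the readme.txt stable tag; does not test the vulnerability`. The capture `([0-9.]+)` also yields nothing when the readme declares a non-numeric stable tag such as `trunk`, or when the file is not served. The `dsl` matcher then presumably just fails to match, so a clean result is not evidence of a patched site. The other plugin templates added in this commit use the same request, extractors and matchers and need the same caveat.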
diff --git a/nuclei-templates/2025/CVE-2025-22787-158e9ee60a651b4efcc0aea49b715866.yaml b/nuclei-templates/2025/CVE-2025-22787-158e9ee60a651b4efcc0aea49b715866.yaml new file mode 100644 index 0000000000..7711daa0e9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22787-158e9ee60a651b4efcc0aea49b715866.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22787-158e9ee60a651b4efcc0aea49b715866 + +info: + name: > + Button Block <= 1.1.5 - Missing Authorization + author: topscoder + severity: low + description: > + The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/745da883-c9f2-438c-8a22-bd3d1a729424?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22787 + metadata: + fofa-query: "wp-content/plugins/button-block/" + google-query: inurl:"/wp-content/plugins/button-block/" + shodan-query: 'vuln:CVE-2025-22787' + tags: cve,wordpress,wp-plugin,button-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file 
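Review bot: `name: >` and `description: >` use the clipping folded style, so both values end with a newline that is passed on to anything reading `info.name` unless that consumer trims it. `name: >-` and `description: >-` strip it, and a title this short could simply be a quoted scalar on the `name:` line. The file also ends without a final newline (`\ No newline at end of file`). Every file in this commit shows both, so the fix belongs in whatever generates these templates rather than in each file.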
diff --git a/nuclei-templates/2025/CVE-2025-22788-c6455e35ed72b9ef51d9583bb8a7a84e.yaml b/nuclei-templates/2025/CVE-2025-22788-c6455e35ed72b9ef51d9583bb8a7a84e.yaml new file mode 100644 index 0000000000..5a08063af1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22788-c6455e35ed72b9ef51d9583bb8a7a84e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22788-c6455e35ed72b9ef51d9583bb8a7a84e + +info: + name: > + CoDesigner WooCommerce Builder for Elementor <= 4.7.17.3 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The CoDesigner WooCommerce Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.17.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be71a324-2bf9-4257-947d-6998d59ad7cc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22788 + metadata: + fofa-query: "wp-content/plugins/woolementor/" + google-query: inurl:"/wp-content/plugins/woolementor/" + shodan-query: 'vuln:CVE-2025-22788' + tags: cve,wordpress,wp-plugin,woolementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.17.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22789-148772916fb0810929964cdbdd92e8ec.yaml b/nuclei-templates/2025/CVE-2025-22789-148772916fb0810929964cdbdd92e8ec.yaml new file mode 100644 index 0000000000..583a0b9fd4 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22789-148772916fb0810929964cdbdd92e8ec.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22789-148772916fb0810929964cdbdd92e8ec + +info: + name: > + polka dots <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The polka dots theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1405e58a-0783-46f7-bbf0-9645777ed64e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22789 + metadata: + fofa-query: "wp-content/themes/polka-dots/" + google-query: inurl:"/wp-content/themes/polka-dots/" + shodan-query: 'vuln:CVE-2025-22789' + tags: cve,wordpress,wp-theme,polka-dots,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/polka-dots/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polka-dots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22790-6c07ff28e4922b9d67f9320bb1dfe357.yaml b/nuclei-templates/2025/CVE-2025-22790-6c07ff28e4922b9d67f9320bb1dfe357.yaml new file mode 100644 index 0000000000..03f3df116d --- /dev/null 
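Review bot: The `word` matcher requires the literal slug `polka-dots` in the body of `style.css`, but the title gives the theme's display name as `polka dots`. Under `matchers-condition: and` the template therefore only fires if the stylesheet header carries the hyphenated slug in some other field, such as a text domain or URI. I cannot see the theme's header from here, so this may hold in practice, but it is a false-negative risk for a check whose request path already pins the theme. A marker every theme stylesheet carries would still reject soft-404 pages without that dependency: `- "Theme Name:"` under `words`. The same applies to the `offset-writing` and `js-o3-lite` matchers for CVE-2025-22791 and -22792, whose titles also show names written with spaces.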
+++ b/nuclei-templates/2025/CVE-2025-22790-6c07ff28e4922b9d67f9320bb1dfe357.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22790-6c07ff28e4922b9d67f9320bb1dfe357 + +info: + name: > + moseter <= 1.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The moseter theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d95e90d-f8f4-4e9f-b8c9-cfd89516679e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22790 + metadata: + fofa-query: "wp-content/themes/moseter/" + google-query: inurl:"/wp-content/themes/moseter/" + shodan-query: 'vuln:CVE-2025-22790' + tags: cve,wordpress,wp-theme,moseter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/moseter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moseter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22791-54e1f7697c202af126d3e1f8f41eab40.yaml b/nuclei-templates/2025/CVE-2025-22791-54e1f7697c202af126d3e1f8f41eab40.yaml new file mode 100644 index 0000000000..59cdcbd6a1 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22791-54e1f7697c202af126d3e1f8f41eab40.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22791-54e1f7697c202af126d3e1f8f41eab40 + +info: + name: > + offset writing <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The offset writing theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f849d0e8-2b08-41de-ac18-c8d6e98ffa83?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22791 + metadata: + fofa-query: "wp-content/themes/offset-writing/" + google-query: inurl:"/wp-content/themes/offset-writing/" + shodan-query: 'vuln:CVE-2025-22791' + tags: cve,wordpress,wp-theme,offset-writing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/offset-writing/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "offset-writing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22792-877d84c5d8841cf27defec7d0fab3fd4.yaml b/nuclei-templates/2025/CVE-2025-22792-877d84c5d8841cf27defec7d0fab3fd4.yaml new file mode 100644 index 0000000000..56710c03ef --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22792-877d84c5d8841cf27defec7d0fab3fd4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22792-877d84c5d8841cf27defec7d0fab3fd4 + +info: + name: > + Js O3 Lite <= 1.5.8.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Js O3 Lite theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b320c501-ed90-470b-a46f-d6dbe649bbd8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22792 + metadata: + fofa-query: "wp-content/themes/js-o3-lite/" + google-query: inurl:"/wp-content/themes/js-o3-lite/" + shodan-query: 'vuln:CVE-2025-22792' + tags: cve,wordpress,wp-theme,js-o3-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/js-o3-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-o3-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22793-10ef562296995d89c7ded4c78f526c63.yaml b/nuclei-templates/2025/CVE-2025-22793-10ef562296995d89c7ded4c78f526c63.yaml new file mode 100644 index 0000000000..f4494192b0 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22793-10ef562296995d89c7ded4c78f526c63.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22793-10ef562296995d89c7ded4c78f526c63 + +info: + name: > + Bold pagos en linea <= 3.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Bold pagos en linea plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71859023-c64a-4d77-8505-33fe4fae2475?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22793 + metadata: + fofa-query: "wp-content/plugins/bold-pagos-en-linea/" + google-query: inurl:"/wp-content/plugins/bold-pagos-en-linea/" + shodan-query: 'vuln:CVE-2025-22793' + tags: cve,wordpress,wp-plugin,bold-pagos-en-linea,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-pagos-en-linea/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-pagos-en-linea" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22795-1ce64ebc9967fbdfb9857ebfbe78b8ef.yaml b/nuclei-templates/2025/CVE-2025-22795-1ce64ebc9967fbdfb9857ebfbe78b8ef.yaml new file mode 100644 index 0000000000..78c45013a5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22795-1ce64ebc9967fbdfb9857ebfbe78b8ef.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22795-1ce64ebc9967fbdfb9857ebfbe78b8ef + +info: + name: > + Multilang Contact Form <= 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Multilang Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f821bc5d-4590-4dfb-b709-73476a7eeac2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-22795 + metadata: + fofa-query: "wp-content/plugins/multilang-contact-form/" + google-query: inurl:"/wp-content/plugins/multilang-contact-form/" + shodan-query: 'vuln:CVE-2025-22795' + tags: cve,wordpress,wp-plugin,multilang-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multilang-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multilang-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22797-5ff210be9d5b3eda9fd4b8e14eda26be.yaml b/nuclei-templates/2025/CVE-2025-22797-5ff210be9d5b3eda9fd4b8e14eda26be.yaml new file mode 100644 index 0000000000..b6ff20d694 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22797-5ff210be9d5b3eda9fd4b8e14eda26be.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22797-5ff210be9d5b3eda9fd4b8e14eda26be + +info: + name: > + Gallery and Lightbox <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Gallery and Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07bcf9e3-a38b-4003-be3a-f076293886dd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22797 + metadata: + fofa-query: "wp-content/plugins/gallery-and-lightbox/" + google-query: inurl:"/wp-content/plugins/gallery-and-lightbox/" + shodan-query: 'vuln:CVE-2025-22797' + tags: cve,wordpress,wp-plugin,gallery-and-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-and-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-and-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.14') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22798-ab1a20cf597eaf6ace2906439ba8a413.yaml b/nuclei-templates/2025/CVE-2025-22798-ab1a20cf597eaf6ace2906439ba8a413.yaml new file mode 100644 index 0000000000..79ddfcd2df --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22798-ab1a20cf597eaf6ace2906439ba8a413.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22798-ab1a20cf597eaf6ace2906439ba8a413 + +info: + name: > + Responsive jQuery Slider <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Responsive jQuery Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78d63e8d-447e-462a-bdce-7824d6db4101?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22798 + metadata: + fofa-query: "wp-content/plugins/responsive-jquery-slider/" + google-query: inurl:"/wp-content/plugins/responsive-jquery-slider/" + shodan-query: 'vuln:CVE-2025-22798' + tags: cve,wordpress,wp-plugin,responsive-jquery-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-jquery-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-jquery-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22799-17810e66f1b8770ad1637de4c98585a1.yaml b/nuclei-templates/2025/CVE-2025-22799-17810e66f1b8770ad1637de4c98585a1.yaml new file mode 100644 index 0000000000..02e9a9654e --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22799-17810e66f1b8770ad1637de4c98585a1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22799-17810e66f1b8770ad1637de4c98585a1 + +info: + name: > + Neon Product Designer <= 2.1.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1531ed5e-cb47-447d-87dc-5a06a88073d5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-22799 + metadata: + fofa-query: "wp-content/plugins/neon-product-designer-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/neon-product-designer-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-22799' + tags: cve,wordpress,wp-plugin,neon-product-designer-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/neon-product-designer-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neon-product-designer-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22800-e13d8ba1788dc1eabbc4eb7c6dfa10ce.yaml b/nuclei-templates/2025/CVE-2025-22800-e13d8ba1788dc1eabbc4eb7c6dfa10ce.yaml new file mode 100644 index 0000000000..79b85fd65a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22800-e13d8ba1788dc1eabbc4eb7c6dfa10ce.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22800-e13d8ba1788dc1eabbc4eb7c6dfa10ce + +info: + name: > + Post SMTP <= 2.9.11 - Missing Authorization via regenerate_qrcode() + author: topscoder + severity: low + description: > + The Post SMTP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the regenerate_qrcode() function in versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to generate QR codes. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/763a7dec-72e3-46d2-a82e-268c577e0289?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-22800 + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:CVE-2025-22800' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.11') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22801-5b7128ceb199efe44b48669ee75d16c2.yaml b/nuclei-templates/2025/CVE-2025-22801-5b7128ceb199efe44b48669ee75d16c2.yaml new file mode 100644 index 0000000000..4ca782489b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22801-5b7128ceb199efe44b48669ee75d16c2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22801-5b7128ceb199efe44b48669ee75d16c2 + +info: + name: > + Free WooCommerce Theme 99fy Extension <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/757e7eec-ac03-4d5b-8307-b167f9b3d5b5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22801 + metadata: + fofa-query: "wp-content/plugins/99fy-core/" + google-query: inurl:"/wp-content/plugins/99fy-core/" + shodan-query: 'vuln:CVE-2025-22801' + tags: cve,wordpress,wp-plugin,99fy-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/99fy-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "99fy-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22802-eed4a9a8e9c904d06e338a39bb1ad02c.yaml b/nuclei-templates/2025/CVE-2025-22802-eed4a9a8e9c904d06e338a39bb1ad02c.yaml new file mode 100644 index 0000000000..876231ca64 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22802-eed4a9a8e9c904d06e338a39bb1ad02c.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22802-eed4a9a8e9c904d06e338a39bb1ad02c + +info: + name: > + Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a44013c-00c6-4d47-867c-a42091c96efd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22802 + metadata: + fofa-query: "wp-content/plugins/yeemail/" + google-query: inurl:"/wp-content/plugins/yeemail/" + shodan-query: 'vuln:CVE-2025-22802' + tags: cve,wordpress,wp-plugin,yeemail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yeemail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yeemail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22803-d57691343b05fcd7ae9997f217204c6f.yaml b/nuclei-templates/2025/CVE-2025-22803-d57691343b05fcd7ae9997f217204c6f.yaml new file mode 100644 index 0000000000..154747a6b7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22803-d57691343b05fcd7ae9997f217204c6f.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-22803-d57691343b05fcd7ae9997f217204c6f
+
+info:
+ name: >
+ Advanced Product Information for WooCommerce <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Advanced Product Information for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping via the plugin's 'wapinfo_badges' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/91253487-b82e-4431-aa16-76d94c063c83?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22803
+ metadata:
+ fofa-query: "wp-content/plugins/woo-advanced-product-information/"
+ google-query: inurl:"/wp-content/plugins/woo-advanced-product-information/"
+ shodan-query: 'vuln:CVE-2025-22803'
+ tags: cve,wordpress,wp-plugin,woo-advanced-product-information,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-advanced-product-information/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-advanced-product-information"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.4')
\ No newline at end of file
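Review bot: The `word` matcher requires the directory slug `woo-advanced-product-information` in the body of `readme.txt`, but a readme is not guaranteed to contain its own directory name; the display name in `name:` is "Advanced Product Information for WooCommerce". With `matchers-condition: and`, a readme that lacks the literal slug suppresses the finding even when `Stable tag` is in range, which is a silent false negative. The CVE-2025-22805, CVE-2025-22807 and CVE-2025-22818 templates show the same gap between display name and slug. Matching a marker the readme format itself supplies, for example `- "Stable tag:"` with `case-insensitive: true`, still filters soft-404 pages without depending on the slug; this is inferred from the template alone and should be confirmed against the actual readme files.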
diff --git a/nuclei-templates/2025/CVE-2025-22804-490583da1687fa3d963adc7f675b0307.yaml b/nuclei-templates/2025/CVE-2025-22804-490583da1687fa3d963adc7f675b0307.yaml
new file mode 100644
index 0000000000..c1ddee503b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22804-490583da1687fa3d963adc7f675b0307.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22804-490583da1687fa3d963adc7f675b0307
+
+info:
+ name: >
+ Author Avatars List/Block <= 2.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Author Avatars List/Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0725a122-9ad3-45bf-bf80-80881520634a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22804
+ metadata:
+ fofa-query: "wp-content/plugins/author-avatars/"
+ google-query: inurl:"/wp-content/plugins/author-avatars/"
+ shodan-query: 'vuln:CVE-2025-22804'
+ tags: cve,wordpress,wp-plugin,author-avatars,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/author-avatars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "author-avatars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.23')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22805-82868a043e954ce11114ce9caee019d4.yaml b/nuclei-templates/2025/CVE-2025-22805-82868a043e954ce11114ce9caee019d4.yaml
new file mode 100644
index 0000000000..188b235bad
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22805-82868a043e954ce11114ce9caee019d4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22805-82868a043e954ce11114ce9caee019d4
+
+info:
+ name: >
+ Skill Bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Skill Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/88c2033d-705e-4950-b6c8-7039e365dcc0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22805
+ metadata:
+ fofa-query: "wp-content/plugins/skillbars/"
+ google-query: inurl:"/wp-content/plugins/skillbars/"
+ shodan-query: 'vuln:CVE-2025-22805'
+ tags: cve,wordpress,wp-plugin,skillbars,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/skillbars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "skillbars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22806-b9d680a67cbbcec76a995325e9b5ca0f.yaml b/nuclei-templates/2025/CVE-2025-22806-b9d680a67cbbcec76a995325e9b5ca0f.yaml
new file mode 100644
index 0000000000..7f4af2e6a9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22806-b9d680a67cbbcec76a995325e9b5ca0f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22806-b9d680a67cbbcec76a995325e9b5ca0f
+
+info:
+ name: >
+ Black Widgets For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2edabe6d-329f-4b17-b74d-849a0c7c0ef1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22806
+ metadata:
+ fofa-query: "wp-content/plugins/black-widgets/"
+ google-query: inurl:"/wp-content/plugins/black-widgets/"
+ shodan-query: 'vuln:CVE-2025-22806'
+ tags: cve,wordpress,wp-plugin,black-widgets,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/black-widgets/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "black-widgets"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.8')
\ No newline at end of file
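Review bot: `redirects: true` with `max-redirects: 3` follows redirects to any host, so the `readme.txt` that gets parsed can be served by a different site than `{{BaseURL}}` while the finding is still reported against the scanned target. For a check that is purely a version fingerprint this is a false-positive source, for example when a front end redirects every unknown path to another domain. Replacing the line with `host-redirects: true` keeps redirect following but restricts it to the same host. Every template added in this change carries the same two lines.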
diff --git a/nuclei-templates/2025/CVE-2025-22807-ee2d739956e8bbdf24a0e0114ad00ba7.yaml b/nuclei-templates/2025/CVE-2025-22807-ee2d739956e8bbdf24a0e0114ad00ba7.yaml
new file mode 100644
index 0000000000..118aec48aa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22807-ee2d739956e8bbdf24a0e0114ad00ba7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22807-ee2d739956e8bbdf24a0e0114ad00ba7
+
+info:
+ name: >
+ Responsive Flickr Slideshow <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bda01b23-1759-433a-971d-73b8458ad9ce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22807
+ metadata:
+ fofa-query: "wp-content/plugins/mobile-friendly-flickr-slideshow/"
+ google-query: inurl:"/wp-content/plugins/mobile-friendly-flickr-slideshow/"
+ shodan-query: 'vuln:CVE-2025-22807'
+ tags: cve,wordpress,wp-plugin,mobile-friendly-flickr-slideshow,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mobile-friendly-flickr-slideshow/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mobile-friendly-flickr-slideshow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22808-3a9d8bbf65abec54c0d14b0e7185e59b.yaml b/nuclei-templates/2025/CVE-2025-22808-3a9d8bbf65abec54c0d14b0e7185e59b.yaml
new file mode 100644
index 0000000000..021e14efaa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22808-3a9d8bbf65abec54c0d14b0e7185e59b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22808-3a9d8bbf65abec54c0d14b0e7185e59b
+
+info:
+ name: >
+ Surbma | Premium WP <= 9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Surbma | Premium WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/985115ca-56f0-48ca-ae58-f09e1cc80046?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22808
+ metadata:
+ fofa-query: "wp-content/plugins/surbma-premium-wp/"
+ google-query: inurl:"/wp-content/plugins/surbma-premium-wp/"
+ shodan-query: 'vuln:CVE-2025-22808'
+ tags: cve,wordpress,wp-plugin,surbma-premium-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/surbma-premium-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "surbma-premium-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 9.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22809-c4fb181a9b46816f3ca42d9c5db0206e.yaml b/nuclei-templates/2025/CVE-2025-22809-c4fb181a9b46816f3ca42d9c5db0206e.yaml
new file mode 100644
index 0000000000..d08a88a558
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22809-c4fb181a9b46816f3ca42d9c5db0206e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22809-c4fb181a9b46816f3ca42d9c5db0206e
+
+info:
+ name: >
+ PDF Catalog Woocommerce <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The PDF Catalog Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f3fd683-9522-4e41-9ae7-751837c1844f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22809
+ metadata:
+ fofa-query: "wp-content/plugins/pdf-catalog-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/pdf-catalog-woocommerce/"
+ shodan-query: 'vuln:CVE-2025-22809'
+ tags: cve,wordpress,wp-plugin,pdf-catalog-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pdf-catalog-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pdf-catalog-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22810-279c460ceab2cd25d90edad62e138661.yaml b/nuclei-templates/2025/CVE-2025-22810-279c460ceab2cd25d90edad62e138661.yaml
new file mode 100644
index 0000000000..4476e81d05
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22810-279c460ceab2cd25d90edad62e138661.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22810-279c460ceab2cd25d90edad62e138661
+
+info:
+ name: >
+ Content Blocks Builder <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Content Blocks Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f5b0e3a-037d-42e1-8369-2a74369ec9fc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22810
+ metadata:
+ fofa-query: "wp-content/plugins/content-blocks-builder/"
+ google-query: inurl:"/wp-content/plugins/content-blocks-builder/"
+ shodan-query: 'vuln:CVE-2025-22810'
+ tags: cve,wordpress,wp-plugin,content-blocks-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/content-blocks-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "content-blocks-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22811-cb60661af7ab496ab2597b43fb6d8c3f.yaml b/nuclei-templates/2025/CVE-2025-22811-cb60661af7ab496ab2597b43fb6d8c3f.yaml
new file mode 100644
index 0000000000..f2a77d2a80
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22811-cb60661af7ab496ab2597b43fb6d8c3f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22811-cb60661af7ab496ab2597b43fb6d8c3f
+
+info:
+ name: >
+ MT Addons for Elementor <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The MT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc10a78a-7950-4ebe-a8c2-a61156b60842?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22811
+ metadata:
+ fofa-query: "wp-content/plugins/mt-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/mt-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22811'
+ tags: cve,wordpress,wp-plugin,mt-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mt-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mt-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22812-75c51fc20a197f3aee4465e2e50d55bf.yaml b/nuclei-templates/2025/CVE-2025-22812-75c51fc20a197f3aee4465e2e50d55bf.yaml
new file mode 100644
index 0000000000..9843c60c9b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22812-75c51fc20a197f3aee4465e2e50d55bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22812-75c51fc20a197f3aee4465e2e50d55bf
+
+info:
+ name: >
+ News Ticker Widget for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The News Ticker Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da2c677-505c-4d7f-aaee-89dd8645be2d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22812
+ metadata:
+ fofa-query: "wp-content/plugins/news-ticker-widget-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/news-ticker-widget-for-elementor/"
+ shodan-query: 'vuln:CVE-2025-22812'
+ tags: cve,wordpress,wp-plugin,news-ticker-widget-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/news-ticker-widget-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "news-ticker-widget-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22813-0835a24c0a38f0af30092d42515ef437.yaml b/nuclei-templates/2025/CVE-2025-22813-0835a24c0a38f0af30092d42515ef437.yaml
new file mode 100644
index 0000000000..38fa7816e0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22813-0835a24c0a38f0af30092d42515ef437.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22813-0835a24c0a38f0af30092d42515ef437
+
+info:
+ name: >
+ Conversational Forms for ChatBot <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Conversational Forms for ChatBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea174c08-4601-4f40-a6d0-a4fc95bf71e9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22813
+ metadata:
+ fofa-query: "wp-content/plugins/conversational-forms/"
+ google-query: inurl:"/wp-content/plugins/conversational-forms/"
+ shodan-query: 'vuln:CVE-2025-22813'
+ tags: cve,wordpress,wp-plugin,conversational-forms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/conversational-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "conversational-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22814-3b4941e5ab16049a5667f494864d071d.yaml b/nuclei-templates/2025/CVE-2025-22814-3b4941e5ab16049a5667f494864d071d.yaml
new file mode 100644
index 0000000000..339649f105
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22814-3b4941e5ab16049a5667f494864d071d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22814-3b4941e5ab16049a5667f494864d071d
+
+info:
+ name: >
+ Zephyr Admin Theme <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Zephyr Admin Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the zat_check_save_settings() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e809215-8b20-4a36-acd9-d16cf4a55bc5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-22814
+ metadata:
+ fofa-query: "wp-content/plugins/zephyr-modern-admin-theme/"
+ google-query: inurl:"/wp-content/plugins/zephyr-modern-admin-theme/"
+ shodan-query: 'vuln:CVE-2025-22814'
+ tags: cve,wordpress,wp-plugin,zephyr-modern-admin-theme,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/zephyr-modern-admin-theme/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zephyr-modern-admin-theme"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.1')
\ No newline at end of file
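Review bot: Nothing in this template documents that a match is a version fingerprint rather than a confirmed finding: the description attributes the issue to missing nonce validation in `zat_check_save_settings()`, but the request only reads `readme.txt` and compares `Stable tag` against `<= 1.4.1`. A readme can remain on disk for a deactivated plugin, and `Stable tag` is maintainer-supplied text that can lag behind the installed code or read `trunk`, in which case the `[0-9.]+` capture yields nothing and the check stays silent. I would add a comment above `http:` such as `# Version fingerprint only: does not confirm the plugin is active or the handler is reachable`, so triage treats hits as leads to verify. The same caveat applies to the other templates in this change, which share the request and matchers.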
diff --git a/nuclei-templates/2025/CVE-2025-22815-96ec3983e24d20c74fc9bc2765a2e0c3.yaml b/nuclei-templates/2025/CVE-2025-22815-96ec3983e24d20c74fc9bc2765a2e0c3.yaml
new file mode 100644
index 0000000000..749b8be043
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22815-96ec3983e24d20c74fc9bc2765a2e0c3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22815-96ec3983e24d20c74fc9bc2765a2e0c3
+
+info:
+ name: >
+ Button Block <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Button Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/80ce6564-8559-4e99-a69e-d210db5c87f3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22815
+ metadata:
+ fofa-query: "wp-content/plugins/button-block/"
+ google-query: inurl:"/wp-content/plugins/button-block/"
+ shodan-query: 'vuln:CVE-2025-22815'
+ tags: cve,wordpress,wp-plugin,button-block,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/button-block/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "button-block"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22816-ef7fa1b7e825efc32b5ed81834d4f5af.yaml b/nuclei-templates/2025/CVE-2025-22816-ef7fa1b7e825efc32b5ed81834d4f5af.yaml
new file mode 100644
index 0000000000..32f70ec7a0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22816-ef7fa1b7e825efc32b5ed81834d4f5af.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22816-ef7fa1b7e825efc32b5ed81834d4f5af
+
+info:
+ name: >
+ Power Mag <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Power Mag theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/198b56cd-ac1a-4963-a2db-0a04f6b2fa2c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22816
+ metadata:
+ fofa-query: "wp-content/themes/power-mag/"
+ google-query: inurl:"/wp-content/themes/power-mag/"
+ shodan-query: 'vuln:CVE-2025-22816'
+ tags: cve,wordpress,wp-theme,power-mag,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/power-mag/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "power-mag"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22817-a1ec23dbba2d57dbc2701e6e9cbc1308.yaml b/nuclei-templates/2025/CVE-2025-22817-a1ec23dbba2d57dbc2701e6e9cbc1308.yaml
new file mode 100644
index 0000000000..bdb020211e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22817-a1ec23dbba2d57dbc2701e6e9cbc1308.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-22817-a1ec23dbba2d57dbc2701e6e9cbc1308
+
+info:
+ name: >
+ BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a363a7b-16c1-4350-b24c-b3ccf8514a58?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-22817
+ metadata:
+ fofa-query: "wp-content/plugins/bp-profile-shortcodes-extra/"
+ google-query: inurl:"/wp-content/plugins/bp-profile-shortcodes-extra/"
+ shodan-query: 'vuln:CVE-2025-22817'
+ tags: cve,wordpress,wp-plugin,bp-profile-shortcodes-extra,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bp-profile-shortcodes-extra/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bp-profile-shortcodes-extra"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-22818-d2b38ddd2f9d1801c887abe817fb6722.yaml b/nuclei-templates/2025/CVE-2025-22818-d2b38ddd2f9d1801c887abe817fb6722.yaml
new file mode 100644
index 0000000000..f9b3b3c9fd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-22818-d2b38ddd2f9d1801c887abe817fb6722.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-22818-d2b38ddd2f9d1801c887abe817fb6722 + +info: + name: > + S3Player – WooCommerce & Elementor Integration <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The S3Player – WooCommerce & Elementor Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9e9238-7695-4ae1-83cb-8e321615a9b1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22818 + metadata: + fofa-query: "wp-content/plugins/drm-protected-video-streaming/" + google-query: inurl:"/wp-content/plugins/drm-protected-video-streaming/" + shodan-query: 'vuln:CVE-2025-22818' + tags: cve,wordpress,wp-plugin,drm-protected-video-streaming,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drm-protected-video-streaming/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drm-protected-video-streaming" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file 
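Review bot: The `word` matcher requires the directory slug `drm-protected-video-streaming` in the body of `readme.txt`, but the plugin's display name in `info.name` is "S3Player – WooCommerce & Elementor Integration", so the readme may not contain the slug at all. Because `matchers-condition: and` is set, that would make the template silently miss every vulnerable install. The readme's content is not visible here, so check it against a real copy; if the slug is absent, add the display name as a second entry under `words:`, for example `- "S3Player"`, since words within one matcher are OR-ed by default. The templates for CVE-2025-22825 (`flexible-coupons`) and CVE-2025-23423 (`wp-sendgrid-mailer`) have the same gap between slug and display name.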
diff --git a/nuclei-templates/2025/CVE-2025-22819-231904322c264fb53de99bd4410cda05.yaml b/nuclei-templates/2025/CVE-2025-22819-231904322c264fb53de99bd4410cda05.yaml new file mode 100644 index 0000000000..84a9b21ba0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22819-231904322c264fb53de99bd4410cda05.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22819-231904322c264fb53de99bd4410cda05 + +info: + name: > + Qr Code and Barcode Scanner Reader <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Qr Code and Barcode Scanner Reader plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f58bfbc-82b7-4155-af19-d17d5ed4238b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22819 + metadata: + fofa-query: "wp-content/plugins/qr-code-and-barcode-scanner-reader/" + google-query: inurl:"/wp-content/plugins/qr-code-and-barcode-scanner-reader/" + shodan-query: 'vuln:CVE-2025-22819' + tags: cve,wordpress,wp-plugin,qr-code-and-barcode-scanner-reader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qr-code-and-barcode-scanner-reader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qr-code-and-barcode-scanner-reader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file 
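Review bot: `redirects: true` with `max-redirects: 3` in the `http` block follows redirects to any host, so if the target redirects the `readme.txt` request elsewhere, the scanner fetches and fingerprints a host outside the scan scope and reports the result against the original target. Nuclei's `host-redirects: true` restricts redirect following to the same host; replacing `redirects: true` with it keeps requests in scope and avoids misattributed findings. Every template added in this diff uses the same request settings.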
diff --git a/nuclei-templates/2025/CVE-2025-22820-7d97e74fd4355a00a55ee6a646f028b4.yaml b/nuclei-templates/2025/CVE-2025-22820-7d97e74fd4355a00a55ee6a646f028b4.yaml new file mode 100644 index 0000000000..25c81640c5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22820-7d97e74fd4355a00a55ee6a646f028b4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22820-7d97e74fd4355a00a55ee6a646f028b4 + +info: + name: > + VR Views <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The VR Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8c15f90-1b38-4e64-aa41-e1473be5b07b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22820 + metadata: + fofa-query: "wp-content/plugins/vr-views/" + google-query: inurl:"/wp-content/plugins/vr-views/" + shodan-query: 'vuln:CVE-2025-22820' + tags: cve,wordpress,wp-plugin,vr-views,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vr-views/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vr-views" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22821-4efe29981eec01234f7e5be06f1013bc.yaml b/nuclei-templates/2025/CVE-2025-22821-4efe29981eec01234f7e5be06f1013bc.yaml new file mode 100644 index 0000000000..b91f885539 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22821-4efe29981eec01234f7e5be06f1013bc.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22821-4efe29981eec01234f7e5be06f1013bc + +info: + name: > + StorePress <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The StorePress theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41479533-592d-4438-8162-48975b8a78a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22821 + metadata: + fofa-query: "wp-content/themes/storepress/" + google-query: inurl:"/wp-content/themes/storepress/" + shodan-query: 'vuln:CVE-2025-22821' + tags: cve,wordpress,wp-theme,storepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/storepress/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22822-de0ef843184ba3be8091a429ab9d4b25.yaml b/nuclei-templates/2025/CVE-2025-22822-de0ef843184ba3be8091a429ab9d4b25.yaml new file mode 100644 index 0000000000..2da3eb1567 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22822-de0ef843184ba3be8091a429ab9d4b25.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22822-de0ef843184ba3be8091a429ab9d4b25 + +info: + name: > + wp custom countdown <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The wp custom countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56fa7885-dc36-420b-a6cc-4fc2192112eb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22822 + metadata: + fofa-query: "wp-content/plugins/wp-custom-countdown/" + google-query: inurl:"/wp-content/plugins/wp-custom-countdown/" + shodan-query: 'vuln:CVE-2025-22822' + tags: cve,wordpress,wp-plugin,wp-custom-countdown,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-countdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-countdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22823-11376181d1ec3f339ce28a9ddc432b76.yaml b/nuclei-templates/2025/CVE-2025-22823-11376181d1ec3f339ce28a9ddc432b76.yaml new file mode 100644 index 0000000000..3b1bc6a034 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22823-11376181d1ec3f339ce28a9ddc432b76.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22823-11376181d1ec3f339ce28a9ddc432b76 + +info: + name: > + Genesis Style Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Genesis Style Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86301ef6-28b8-4831-b542-6aae33f705ea?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22823 + metadata: + fofa-query: "wp-content/plugins/genesis-style-shortcodes/" + google-query: inurl:"/wp-content/plugins/genesis-style-shortcodes/" + shodan-query: 'vuln:CVE-2025-22823' + tags: cve,wordpress,wp-plugin,genesis-style-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genesis-style-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genesis-style-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22824-6112302e1e01277a0a4f53a4a9153d8f.yaml b/nuclei-templates/2025/CVE-2025-22824-6112302e1e01277a0a4f53a4a9153d8f.yaml new file mode 100644 index 0000000000..91966b1cb7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22824-6112302e1e01277a0a4f53a4a9153d8f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22824-6112302e1e01277a0a4f53a4a9153d8f + +info: + name: > + Live Flight Radar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Live Flight Radar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27be8c38-17f5-4a25-ba53-2a2544f5612a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22824 + metadata: + fofa-query: "wp-content/plugins/live-flight-radar/" + google-query: inurl:"/wp-content/plugins/live-flight-radar/" + shodan-query: 'vuln:CVE-2025-22824' + tags: cve,wordpress,wp-plugin,live-flight-radar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-flight-radar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-flight-radar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22825-2504ae37f778d80da744e6090ee7aee8.yaml b/nuclei-templates/2025/CVE-2025-22825-2504ae37f778d80da744e6090ee7aee8.yaml new file mode 100644 index 0000000000..1b66404b44 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-22825-2504ae37f778d80da744e6090ee7aee8.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22825-2504ae37f778d80da744e6090ee7aee8 + +info: + name: > + Flexible PDF Coupons <= 1.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Flexible PDF Coupons – Gift Cards & Vouchers for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a818abe9-5520-4c63-9b41-52865ebd1820?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22825 + metadata: + fofa-query: "wp-content/plugins/flexible-coupons/" + google-query: inurl:"/wp-content/plugins/flexible-coupons/" + shodan-query: 'vuln:CVE-2025-22825' + tags: cve,wordpress,wp-plugin,flexible-coupons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-coupons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-coupons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-22826-33254d2dac260e4e9fee33ecfde5f106.yaml b/nuclei-templates/2025/CVE-2025-22826-33254d2dac260e4e9fee33ecfde5f106.yaml new file mode 100644 index 0000000000..40b46852d9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22826-33254d2dac260e4e9fee33ecfde5f106.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-22826-33254d2dac260e4e9fee33ecfde5f106 + +info: + name: > + Sell Digital Downloads <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Sell Digital Downloads plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af12c836-a0ab-4d64-8921-61980edf47e7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22826 + metadata: + fofa-query: "wp-content/plugins/sell-digital-downloads/" + google-query: inurl:"/wp-content/plugins/sell-digital-downloads/" + shodan-query: 'vuln:CVE-2025-22826' + tags: cve,wordpress,wp-plugin,sell-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sell-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sell-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-22827-9867709fff8f3d328b61e1f10a228054.yaml b/nuclei-templates/2025/CVE-2025-22827-9867709fff8f3d328b61e1f10a228054.yaml new file mode 100644 index 0000000000..6f64443b3a 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-22827-9867709fff8f3d328b61e1f10a228054.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-22827-9867709fff8f3d328b61e1f10a228054 + +info: + name: > + WP Joomag <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP Joomag plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a65fe73b-6bcb-4856-a76c-fbcb6cf3c3bd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-22827 + metadata: + fofa-query: "wp-content/plugins/wp-joomag/" + google-query: inurl:"/wp-content/plugins/wp-joomag/" + shodan-query: 'vuln:CVE-2025-22827' + tags: cve,wordpress,wp-plugin,wp-joomag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-joomag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-joomag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23423-5a60f413511788c649d40b260f7d1a23.yaml b/nuclei-templates/2025/CVE-2025-23423-5a60f413511788c649d40b260f7d1a23.yaml new file mode 100644 index 0000000000..990014b638 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23423-5a60f413511788c649d40b260f7d1a23.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23423-5a60f413511788c649d40b260f7d1a23 + +info: + name: > + SendGrid for WordPress <= 1.4 - Missing Authorization + author: topscoder + severity: low + description: > + The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa9e1cf-a7d5-4373-81ca-87e9275fe413?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23423 + metadata: + fofa-query: "wp-content/plugins/wp-sendgrid-mailer/" + google-query: inurl:"/wp-content/plugins/wp-sendgrid-mailer/" + shodan-query: 'vuln:CVE-2025-23423' + tags: cve,wordpress,wp-plugin,wp-sendgrid-mailer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sendgrid-mailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sendgrid-mailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23424-bb0edb9a6a8598c6ad4e5de599406ae3.yaml b/nuclei-templates/2025/CVE-2025-23424-bb0edb9a6a8598c6ad4e5de599406ae3.yaml new file mode 100644 index 0000000000..3f253720c8 --- /dev/null 
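Review bot: Nothing in this template says it is a version check only: the single GET reads `readme.txt`, and the `dsl` matcher compares the extracted `Stable tag` with `<= 1.4`, so no request touches the missing capability check named in the title. I would add a comment above `http:` such as `# Version-based detection only: matches when readme.txt advertises Stable tag <= 1.4; does not test the authorization flaw itself.` A readme that is removed, blocked, or left stale after an update gives a miss or a false hit, so a match here is an inventory signal to verify rather than a confirmation.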
+++ b/nuclei-templates/2025/CVE-2025-23424-bb0edb9a6a8598c6ad4e5de599406ae3.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23424-bb0edb9a6a8598c6ad4e5de599406ae3 + +info: + name: > + Marquee Style RSS News Ticker <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Marquee Style RSS News Ticker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aeaf4844-1ca4-45c1-847b-a06bf7202426?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23424 + metadata: + fofa-query: "wp-content/plugins/marquee-style-rss-news-ticker/" + google-query: inurl:"/wp-content/plugins/marquee-style-rss-news-ticker/" + shodan-query: 'vuln:CVE-2025-23424' + tags: cve,wordpress,wp-plugin,marquee-style-rss-news-ticker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marquee-style-rss-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marquee-style-rss-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23426-8eb4c515bd740e0805a0e2029ac6a6fc.yaml b/nuclei-templates/2025/CVE-2025-23426-8eb4c515bd740e0805a0e2029ac6a6fc.yaml new file mode 100644 index 0000000000..99d275d2a2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23426-8eb4c515bd740e0805a0e2029ac6a6fc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23426-8eb4c515bd740e0805a0e2029ac6a6fc + +info: + name: > + go Social <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The go Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f74c392c-1d79-4498-8298-d1160af250b6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23426 + metadata: + fofa-query: "wp-content/plugins/go-social/" + google-query: inurl:"/wp-content/plugins/go-social/" + shodan-query: 'vuln:CVE-2025-23426' + tags: cve,wordpress,wp-plugin,go-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23429-4bb6937b6daf9bc1a48d59d25922b696.yaml b/nuclei-templates/2025/CVE-2025-23429-4bb6937b6daf9bc1a48d59d25922b696.yaml new file mode 100644 index 0000000000..8f37d4ba17 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23429-4bb6937b6daf9bc1a48d59d25922b696.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23429-4bb6937b6daf9bc1a48d59d25922b696 + +info: + name: > + Altima Lookbook Free for WooCommerce <= 1.1.0 - Refletced Cross-Site Scripting + author: topscoder + severity: high + description: > + The Altima Lookbook Free for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/226dba48-e984-4149-bc0e-aacedb35bcdf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23429 + metadata: + fofa-query: "wp-content/plugins/altima-lookbook-free-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/altima-lookbook-free-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-23429' + tags: cve,wordpress,wp-plugin,altima-lookbook-free-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/altima-lookbook-free-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "altima-lookbook-free-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file 
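Review bot: `severity: high` and the `high` tag are paired with `cvss-score: 6.1` and a vector carrying `UI:R`, which is Medium under CVSS v3.1. `severity: medium` would match the other 6.1-scored templates in this diff (CVE-2025-23424, CVE-2025-23426, CVE-2025-23430, CVE-2025-23432). The `name` value also misspells "Reflected" as `Refletced`, which will appear in scan output and break text searches on the finding title; it should read `Altima Lookbook Free for WooCommerce <= 1.1.0 - Reflected Cross-Site Scripting`. If both values are copied from the upstream advisory feed, the generator needs the same correction.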
diff --git a/nuclei-templates/2025/CVE-2025-23430-0a6c316d90e50ffd3776c84d12d9ae17.yaml b/nuclei-templates/2025/CVE-2025-23430-0a6c316d90e50ffd3776c84d12d9ae17.yaml new file mode 100644 index 0000000000..85d8278528 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23430-0a6c316d90e50ffd3776c84d12d9ae17.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23430-0a6c316d90e50ffd3776c84d12d9ae17 + +info: + name: > + Mass Custom Fields Manager <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Mass Custom Fields Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b635525-7e0a-4bb5-84fd-f8694c352b0b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23430 + metadata: + fofa-query: "wp-content/plugins/mass-custom-fields-manager/" + google-query: inurl:"/wp-content/plugins/mass-custom-fields-manager/" + shodan-query: 'vuln:CVE-2025-23430' + tags: cve,wordpress,wp-plugin,mass-custom-fields-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mass-custom-fields-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mass-custom-fields-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23432-1404e39f04d9c1ccbf9b140a4b1db9e4.yaml b/nuclei-templates/2025/CVE-2025-23432-1404e39f04d9c1ccbf9b140a4b1db9e4.yaml new file mode 100644 index 0000000000..07ba559ece --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23432-1404e39f04d9c1ccbf9b140a4b1db9e4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23432-1404e39f04d9c1ccbf9b140a4b1db9e4 + +info: + name: > + AlT Report <= 1.12.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The AlT Report plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dafbd32c-ef66-4c1c-aa6b-68443e12eacb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23432 + metadata: + fofa-query: "wp-content/plugins/alt-report/" + google-query: inurl:"/wp-content/plugins/alt-report/" + shodan-query: 'vuln:CVE-2025-23432' + tags: cve,wordpress,wp-plugin,alt-report,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alt-report/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alt-report" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23434-724064519dd248f7a17c5a4d1f9a7e0d.yaml b/nuclei-templates/2025/CVE-2025-23434-724064519dd248f7a17c5a4d1f9a7e0d.yaml new file mode 100644 index 0000000000..90b39c110f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23434-724064519dd248f7a17c5a4d1f9a7e0d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23434-724064519dd248f7a17c5a4d1f9a7e0d + +info: + name: > + Easy EU Cookie law <= 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Easy EU Cookie law plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08186560-16f5-4b53-985f-d708895c79c1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23434 + metadata: + fofa-query: "wp-content/plugins/easy-eu-cookie-law/" + google-query: inurl:"/wp-content/plugins/easy-eu-cookie-law/" + shodan-query: 'vuln:CVE-2025-23434' + tags: cve,wordpress,wp-plugin,easy-eu-cookie-law,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-eu-cookie-law/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-eu-cookie-law" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23435-e44bf8779c3fe953dcd6f1e2503dc54a.yaml b/nuclei-templates/2025/CVE-2025-23435-e44bf8779c3fe953dcd6f1e2503dc54a.yaml new file mode 100644 index 0000000000..fd973f22b5 --- /dev/null 
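Review bot: `severity: low` disagrees with the `cvss-score: 6.4` declared in the same `info` block, which falls in the CVSS v3.1 medium band (4.0–6.9), and the trailing `low` tag repeats the mismatch. Scans filtered by severity, or dashboards ranked on it, would drop or under-rank this finding, so `severity: medium` and `tags: cve,wordpress,wp-plugin,easy-eu-cookie-law,medium` would keep the fields consistent. The template for CVE-2025-23444 has the same low/6.4 pair, and CVE-2025-23477 goes the other way with `severity: high` against `cvss-score: 5.3`. If severity is deliberately derived from something other than the score, that rule deserves a comment at the top of the template.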
+++ b/nuclei-templates/2025/CVE-2025-23435-e44bf8779c3fe953dcd6f1e2503dc54a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23435-e44bf8779c3fe953dcd6f1e2503dc54a + +info: + name: > + Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Password Protect Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e40129a9-731a-4443-8906-8fe697c04f59?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23435 + metadata: + fofa-query: "wp-content/plugins/password-protect-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/password-protect-plugin-for-wordpress/" + shodan-query: 'vuln:CVE-2025-23435' + tags: cve,wordpress,wp-plugin,password-protect-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protect-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protect-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23436-c7f672550c4d8f480c2f384540663929.yaml b/nuclei-templates/2025/CVE-2025-23436-c7f672550c4d8f480c2f384540663929.yaml new file mode 100644 index 0000000000..a445448a05 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23436-c7f672550c4d8f480c2f384540663929.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23436-c7f672550c4d8f480c2f384540663929 + +info: + name: > + Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Wp-Scribd-List plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e510fc07-c969-48f4-ac5a-7dc91f9e2cd5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23436 + metadata: + fofa-query: "wp-content/plugins/wp-scribd-list/" + google-query: inurl:"/wp-content/plugins/wp-scribd-list/" + shodan-query: 'vuln:CVE-2025-23436' + tags: cve,wordpress,wp-plugin,wp-scribd-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-scribd-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-scribd-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23438-b427cf310f7fac7cdf770c49d7971c41.yaml b/nuclei-templates/2025/CVE-2025-23438-b427cf310f7fac7cdf770c49d7971c41.yaml new file mode 100644 index 0000000000..77e4a47aa7 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23438-b427cf310f7fac7cdf770c49d7971c41.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23438-b427cf310f7fac7cdf770c49d7971c41 + +info: + name: > + WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP PT-Viewer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fda7ad16-d66b-47fc-bbd6-18fd0b1c1e03?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23438 + metadata: + fofa-query: "wp-content/plugins/wp-ptviewer/" + google-query: inurl:"/wp-content/plugins/wp-ptviewer/" + shodan-query: 'vuln:CVE-2025-23438' + tags: cve,wordpress,wp-plugin,wp-ptviewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ptviewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ptviewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23442-08c9362ff187434897ce75e10f4e12e4.yaml b/nuclei-templates/2025/CVE-2025-23442-08c9362ff187434897ce75e10f4e12e4.yaml new file mode 100644 index 0000000000..847f892f4d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23442-08c9362ff187434897ce75e10f4e12e4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23442-08c9362ff187434897ce75e10f4e12e4 + +info: + name: > + Shockingly Big IE6 Warning <= 1.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Shockingly Big IE6 Warning plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dfae3cc-b885-4fb8-a6df-a904d5df3c3b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23442 + metadata: + fofa-query: "wp-content/plugins/shockingly-big-ie6-warning/" + google-query: inurl:"/wp-content/plugins/shockingly-big-ie6-warning/" + shodan-query: 'vuln:CVE-2025-23442' + tags: cve,wordpress,wp-plugin,shockingly-big-ie6-warning,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shockingly-big-ie6-warning/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shockingly-big-ie6-warning" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23444-91d263a6bbf954a1e6a6bd308b6d3e21.yaml b/nuclei-templates/2025/CVE-2025-23444-91d263a6bbf954a1e6a6bd308b6d3e21.yaml new file mode 100644 index 0000000000..66ede43ef2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23444-91d263a6bbf954a1e6a6bd308b6d3e21.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23444-91d263a6bbf954a1e6a6bd308b6d3e21 + +info: + name: > + Scroll Top Advanced <= 2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Scroll Top Advanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97669ac1-2ff0-46f6-8709-c007476ed4a0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23444 + metadata: + fofa-query: "wp-content/plugins/scroll-top-advanced/" + google-query: inurl:"/wp-content/plugins/scroll-top-advanced/" + shodan-query: 'vuln:CVE-2025-23444' + tags: cve,wordpress,wp-plugin,scroll-top-advanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-top-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-top-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23445-1c5ce8096cb1ff2529538d29c504778e.yaml b/nuclei-templates/2025/CVE-2025-23445-1c5ce8096cb1ff2529538d29c504778e.yaml new file mode 100644 index 0000000000..715e757095 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23445-1c5ce8096cb1ff2529538d29c504778e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23445-1c5ce8096cb1ff2529538d29c504778e + +info: + name: > + Easy Tynt <= 0.2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Easy Tynt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27142a35-99e7-4bac-9cfd-c0ab12886eef?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23445 + metadata: + fofa-query: "wp-content/plugins/easy-tynt/" + google-query: inurl:"/wp-content/plugins/easy-tynt/" + shodan-query: 'vuln:CVE-2025-23445' + tags: cve,wordpress,wp-plugin,easy-tynt,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-tynt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-tynt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23452-d0c1ac022f99031f829c85046ac7f35f.yaml b/nuclei-templates/2025/CVE-2025-23452-d0c1ac022f99031f829c85046ac7f35f.yaml new file mode 100644 index 0000000000..8a4d75477b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23452-d0c1ac022f99031f829c85046ac7f35f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23452-d0c1ac022f99031f829c85046ac7f35f + +info: + name: > + EditionGuard for WooCommerce – eBook Sales with DRM <= 3.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The EditionGuard for WooCommerce – eBook Sales with DRM plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a195af52-62f7-46a1-b161-280d455b71f4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23452 + metadata: + fofa-query: "wp-content/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/" + google-query: inurl:"/wp-content/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/" + shodan-query: 'vuln:CVE-2025-23452' + tags: cve,wordpress,wp-plugin,editionguard-for-woocommerce-ebook-sales-with-drm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editionguard-for-woocommerce-ebook-sales-with-drm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23453-baa4e25d39a7befa68fc76acac755c66.yaml b/nuclei-templates/2025/CVE-2025-23453-baa4e25d39a7befa68fc76acac755c66.yaml new file mode 100644 index 0000000000..4f7fadc510 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23453-baa4e25d39a7befa68fc76acac755c66.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23453-baa4e25d39a7befa68fc76acac755c66 + +info: + name: > + Stars SMTP Mailer <= 1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Stars SMTP Mailer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cf28b29-6e09-4359-9fe9-739d46fa5c2d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23453 + metadata: + fofa-query: "wp-content/plugins/stars-smtp-mailer/" + google-query: inurl:"/wp-content/plugins/stars-smtp-mailer/" + shodan-query: 'vuln:CVE-2025-23453' + tags: cve,wordpress,wp-plugin,stars-smtp-mailer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stars-smtp-mailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stars-smtp-mailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23455-2e3a66770e31c7a9a9e30f1c01becfc7.yaml b/nuclei-templates/2025/CVE-2025-23455-2e3a66770e31c7a9a9e30f1c01becfc7.yaml new file mode 100644 index 0000000000..5a29dc5ee2 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23455-2e3a66770e31c7a9a9e30f1c01becfc7.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23455-2e3a66770e31c7a9a9e30f1c01becfc7 + +info: + name: > + WP VTiger Synchronization <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP VTiger Synchronization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/710bdf8d-b06f-4b50-9f76-129c49d32dba?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23455 + metadata: + fofa-query: "wp-content/plugins/msstiger/" + google-query: inurl:"/wp-content/plugins/msstiger/" + shodan-query: 'vuln:CVE-2025-23455' + tags: cve,wordpress,wp-plugin,msstiger,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/msstiger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "msstiger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23456-ee1447ff3417ddd19a0fe2b051c83a33.yaml b/nuclei-templates/2025/CVE-2025-23456-ee1447ff3417ddd19a0fe2b051c83a33.yaml new file mode 100644 index 0000000000..e1befa0b6f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23456-ee1447ff3417ddd19a0fe2b051c83a33.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23456-ee1447ff3417ddd19a0fe2b051c83a33 + +info: + name: > + EmailShroud <= 2.2.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The EmailShroud plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e11227f-87b0-42b2-98a5-555e49d983ad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23456 + metadata: + fofa-query: "wp-content/plugins/emailshroud/" + google-query: inurl:"/wp-content/plugins/emailshroud/" + shodan-query: 'vuln:CVE-2025-23456' + tags: cve,wordpress,wp-plugin,emailshroud,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/emailshroud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "emailshroud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23463-45591414a584ea67414728944237ec80.yaml b/nuclei-templates/2025/CVE-2025-23463-45591414a584ea67414728944237ec80.yaml new file mode 100644 index 0000000000..2390d1721c --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23463-45591414a584ea67414728944237ec80.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23463-45591414a584ea67414728944237ec80 + +info: + name: > + MD Custom content after or before of post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MD Custom content after or before of post plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88591c56-ff79-47bf-b5e0-e3471884d3b4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23463 + metadata: + fofa-query: "wp-content/plugins/md-custom-content/" + google-query: inurl:"/wp-content/plugins/md-custom-content/" + shodan-query: 'vuln:CVE-2025-23463' + tags: cve,wordpress,wp-plugin,md-custom-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/md-custom-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "md-custom-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23467-dca69ffe6e409ebefed35576198d153a.yaml b/nuclei-templates/2025/CVE-2025-23467-dca69ffe6e409ebefed35576198d153a.yaml new file mode 100644 index 0000000000..3d0036e975 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23467-dca69ffe6e409ebefed35576198d153a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23467-dca69ffe6e409ebefed35576198d153a + +info: + name: > + RSS News Scroller <= 2.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The RSS News Scroller plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d60261eb-c8b1-4278-aeb8-4ea1abaeed25?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23467 + metadata: + fofa-query: "wp-content/plugins/rss-news-scroller/" + google-query: inurl:"/wp-content/plugins/rss-news-scroller/" + shodan-query: 'vuln:CVE-2025-23467' + tags: cve,wordpress,wp-plugin,rss-news-scroller,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-news-scroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-news-scroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23470-5b8e74eaed77e966ac11deaf68a106c4.yaml b/nuclei-templates/2025/CVE-2025-23470-5b8e74eaed77e966ac11deaf68a106c4.yaml new file mode 100644 index 0000000000..3334e210b1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23470-5b8e74eaed77e966ac11deaf68a106c4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23470-5b8e74eaed77e966ac11deaf68a106c4 + +info: + name: > + Visit Site Link enhanced <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The "Visit Site" Link enhanced – WordPress PlugIn plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c79a9fad-3f4a-47f5-b911-c9f22a08f0aa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23470 + metadata: + fofa-query: "wp-content/plugins/visit-site-link-enhanced/" + google-query: inurl:"/wp-content/plugins/visit-site-link-enhanced/" + shodan-query: 'vuln:CVE-2025-23470' + tags: cve,wordpress,wp-plugin,visit-site-link-enhanced,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visit-site-link-enhanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visit-site-link-enhanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23471-389f3de50abcd8cd96c82570b7de9cc6.yaml b/nuclei-templates/2025/CVE-2025-23471-389f3de50abcd8cd96c82570b7de9cc6.yaml new file mode 100644 index 0000000000..da1bd6ad92 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23471-389f3de50abcd8cd96c82570b7de9cc6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23471-389f3de50abcd8cd96c82570b7de9cc6 + +info: + name: > + ECT Add to Cart Button <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The ECT Add to Cart Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea7b85fd-b771-4af3-bdcb-d976fa7bd8fc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23471 + metadata: + fofa-query: "wp-content/plugins/ect-add-to-cart-button/" + google-query: inurl:"/wp-content/plugins/ect-add-to-cart-button/" + shodan-query: 'vuln:CVE-2025-23471' + tags: cve,wordpress,wp-plugin,ect-add-to-cart-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ect-add-to-cart-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ect-add-to-cart-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23476-e06945a0eab2b812661f3d232b832d8f.yaml b/nuclei-templates/2025/CVE-2025-23476-e06945a0eab2b812661f3d232b832d8f.yaml new file mode 100644 index 0000000000..34a7ada2d5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23476-e06945a0eab2b812661f3d232b832d8f.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-23476-e06945a0eab2b812661f3d232b832d8f
+
+info:
+ name: >
+ my-related-posts <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The my-related-posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f60a97df-c98a-4980-bc57-50147c87dd91?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23476
+ metadata:
+ fofa-query: "wp-content/plugins/my-related-posts/"
+ google-query: inurl:"/wp-content/plugins/my-related-posts/"
+ shodan-query: 'vuln:CVE-2025-23476'
+ tags: cve,wordpress,wp-plugin,my-related-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/my-related-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "my-related-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23477-540d097e83d54b9939f0554242124208.yaml b/nuclei-templates/2025/CVE-2025-23477-540d097e83d54b9939f0554242124208.yaml
new file mode 100644
index 0000000000..52e9ad79a2
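Review bot: `name: >` and `description: >` are folded scalars with default clipping, so both values carry a trailing newline into the loaded template and into any report or export that prints them. `name: >-` and `description: >-` strip it without touching the text; a single-line name could equally be a quoted string. The file also ends without a final newline (`\ No newline at end of file`), which is worth fixing in the same pass. The other templates added in this diff are written the same way.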
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23477-540d097e83d54b9939f0554242124208.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23477-540d097e83d54b9939f0554242124208
+
+info:
+ name: >
+ Realty Workstation <= 1.0.45 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Realty Workstation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.45. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/14dcc17f-8252-44d0-ba31-f12f7f53593a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-23477
+ metadata:
+ fofa-query: "wp-content/plugins/realty-workstation/"
+ google-query: inurl:"/wp-content/plugins/realty-workstation/"
+ shodan-query: 'vuln:CVE-2025-23477'
+ tags: cve,wordpress,wp-plugin,realty-workstation,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/realty-workstation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "realty-workstation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.45')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23483-82b7fa35f01f8f8a58ee916b6f1e63a2.yaml b/nuclei-templates/2025/CVE-2025-23483-82b7fa35f01f8f8a58ee916b6f1e63a2.yaml
new file mode 100644
index 0000000000..c1fb7d7ffe
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23483-82b7fa35f01f8f8a58ee916b6f1e63a2.yaml
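Review bot: `severity: high` and the trailing `high` tag disagree with the classification block directly below them, where `cvss-score: 5.3` with impact metrics `C:N/I:L/A:N` sits in the CVSS v3.1 Medium band (4.0–6.9). Scans filtered or alerted on by severity would rank this finding above its scored impact, so I would set `severity: medium` and end the tag list with `realty-workstation,medium`, or correct the score and vector if the advisory really rates it high. CVE-2025-23512 (team-118group-agent), later in this diff, has the same `high` / 5.3 mismatch.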
@@ -0,0 +1,59 @@
+id: CVE-2025-23483-82b7fa35f01f8f8a58ee916b6f1e63a2
+
+info:
+ name: >
+ Universal Analytics Injector <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Universal Analytics Injector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a636bc83-e41f-4620-a0f2-1de17ab64f52?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23483
+ metadata:
+ fofa-query: "wp-content/plugins/universal-analytics-injector/"
+ google-query: inurl:"/wp-content/plugins/universal-analytics-injector/"
+ shodan-query: 'vuln:CVE-2025-23483'
+ tags: cve,wordpress,wp-plugin,universal-analytics-injector,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/universal-analytics-injector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "universal-analytics-injector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23489-9c408604536774c8f9e2477e92b64155.yaml b/nuclei-templates/2025/CVE-2025-23489-9c408604536774c8f9e2477e92b64155.yaml
new file mode 100644
index 0000000000..fdddd0a979
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23489-9c408604536774c8f9e2477e92b64155.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23489-9c408604536774c8f9e2477e92b64155
+
+info:
+ name: >
+ WP-Announcements <= 1.8 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP-Announcements plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/abd70095-7549-41f8-913b-528e2b215929?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23489
+ metadata:
+ fofa-query: "wp-content/plugins/wp-announcements/"
+ google-query: inurl:"/wp-content/plugins/wp-announcements/"
+ shodan-query: 'vuln:CVE-2025-23489'
+ tags: cve,wordpress,wp-plugin,wp-announcements,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-announcements/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-announcements"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23495-429a65699e6e449bb19aab6c7f966a8a.yaml b/nuclei-templates/2025/CVE-2025-23495-429a65699e6e449bb19aab6c7f966a8a.yaml
new file mode 100644
index 0000000000..8d67b71242
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23495-429a65699e6e449bb19aab6c7f966a8a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23495-429a65699e6e449bb19aab6c7f966a8a
+
+info:
+ name: >
+ WooCommerce Order Search <= 1.1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WooCommerce Order Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2aef81-f8f1-47a4-8c9c-e46e3a0cbe0d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23495
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-order-searching/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-order-searching/"
+ shodan-query: 'vuln:CVE-2025-23495'
+ tags: cve,wordpress,wp-plugin,woocommerce-order-searching,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-order-searching/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-order-searching"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23497-68a102869d492be4c035d1a8db0bdd72.yaml b/nuclei-templates/2025/CVE-2025-23497-68a102869d492be4c035d1a8db0bdd72.yaml
new file mode 100644
index 0000000000..fee94f36b9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23497-68a102869d492be4c035d1a8db0bdd72.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23497-68a102869d492be4c035d1a8db0bdd72
+
+info:
+ name: >
+ Simple Project Manager <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb1b6443-31b4-4ee6-a827-fe749a48383f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23497
+ metadata:
+ fofa-query: "wp-content/plugins/simple-project-managment/"
+ google-query: inurl:"/wp-content/plugins/simple-project-managment/"
+ shodan-query: 'vuln:CVE-2025-23497'
+ tags: cve,wordpress,wp-plugin,simple-project-managment,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-project-managment/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-project-managment"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23498-a9b491c5d0385303b141be2a3b714860.yaml b/nuclei-templates/2025/CVE-2025-23498-a9b491c5d0385303b141be2a3b714860.yaml
new file mode 100644
index 0000000000..d0dab1b9dc
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23498-a9b491c5d0385303b141be2a3b714860.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23498-a9b491c5d0385303b141be2a3b714860
+
+info:
+ name: >
+ Translation.Pro <= 1.0.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Translation.Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d72ad35-a16e-40a1-8d91-2a9a798e83df?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23498
+ metadata:
+ fofa-query: "wp-content/plugins/translation-pro/"
+ google-query: inurl:"/wp-content/plugins/translation-pro/"
+ shodan-query: 'vuln:CVE-2025-23498'
+ tags: cve,wordpress,wp-plugin,translation-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/translation-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "translation-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23499-99a503bcb4c50e5135a6e7cd409f3f80.yaml b/nuclei-templates/2025/CVE-2025-23499-99a503bcb4c50e5135a6e7cd409f3f80.yaml
new file mode 100644
index 0000000000..23c7c06918
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23499-99a503bcb4c50e5135a6e7cd409f3f80.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23499-99a503bcb4c50e5135a6e7cd409f3f80
+
+info:
+ name: >
+ Board Election <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Board Election plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaece360-25b0-4a35-bd23-57c6591623eb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23499
+ metadata:
+ fofa-query: "wp-content/plugins/board-election/"
+ google-query: inurl:"/wp-content/plugins/board-election/"
+ shodan-query: 'vuln:CVE-2025-23499'
+ tags: cve,wordpress,wp-plugin,board-election,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/board-election/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "board-election"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23500-e264dd17bcd0a0f1ec52ba9647ce373d.yaml b/nuclei-templates/2025/CVE-2025-23500-e264dd17bcd0a0f1ec52ba9647ce373d.yaml
new file mode 100644
index 0000000000..3e04139614
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23500-e264dd17bcd0a0f1ec52ba9647ce373d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23500-e264dd17bcd0a0f1ec52ba9647ce373d
+
+info:
+ name: >
+ Simple Custom post type custom field <= 1.0.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Custom post type custom field plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aafe218d-a0c4-4346-b2cd-4beb0d1fc010?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23500
+ metadata:
+ fofa-query: "wp-content/plugins/simple-content-construction-kit/"
+ google-query: inurl:"/wp-content/plugins/simple-content-construction-kit/"
+ shodan-query: 'vuln:CVE-2025-23500'
+ tags: cve,wordpress,wp-plugin,simple-content-construction-kit,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-content-construction-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-content-construction-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23501-6bf685676c24033933baa0b2f951a137.yaml b/nuclei-templates/2025/CVE-2025-23501-6bf685676c24033933baa0b2f951a137.yaml
new file mode 100644
index 0000000000..54276ea5c1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23501-6bf685676c24033933baa0b2f951a137.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23501-6bf685676c24033933baa0b2f951a137
+
+info:
+ name: >
+ Cookie Consent & Autoblock for GDPR/CCPA <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Cookie Consent & Autoblock for GDPR/CCPA plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/848bfa37-7560-4c6b-8bbf-ee133c799291?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23501
+ metadata:
+ fofa-query: "wp-content/plugins/cookie-consent-autoblock/"
+ google-query: inurl:"/wp-content/plugins/cookie-consent-autoblock/"
+ shodan-query: 'vuln:CVE-2025-23501'
+ tags: cve,wordpress,wp-plugin,cookie-consent-autoblock,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cookie-consent-autoblock/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cookie-consent-autoblock"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23503-63f142b77afd3e627172011fcac8494b.yaml b/nuclei-templates/2025/CVE-2025-23503-63f142b77afd3e627172011fcac8494b.yaml
new file mode 100644
index 0000000000..72e424c0c0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23503-63f142b77afd3e627172011fcac8494b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23503-63f142b77afd3e627172011fcac8494b
+
+info:
+ name: >
+ Customizable Captcha and Contact Us <= 1.0.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Customizable Captcha and Contact Us plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/49fe478e-b553-4eb5-851b-69319eb4dbc3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23503
+ metadata:
+ fofa-query: "wp-content/plugins/customizable-captcha-and-contact-us-form/"
+ google-query: inurl:"/wp-content/plugins/customizable-captcha-and-contact-us-form/"
+ shodan-query: 'vuln:CVE-2025-23503'
+ tags: cve,wordpress,wp-plugin,customizable-captcha-and-contact-us-form,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/customizable-captcha-and-contact-us-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "customizable-captcha-and-contact-us-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23508-384caa032410d65fc8323ee397a3771a.yaml b/nuclei-templates/2025/CVE-2025-23508-384caa032410d65fc8323ee397a3771a.yaml
new file mode 100644
index 0000000000..8e6df13628
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23508-384caa032410d65fc8323ee397a3771a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23508-384caa032410d65fc8323ee397a3771a
+
+info:
+ name: >
+ Extra Options – Favicons <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Extra Options – Favicons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba49d38d-2838-4b8c-98f9-37e0c7d8f060?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23508
+ metadata:
+ fofa-query: "wp-content/plugins/extra-options-favicons/"
+ google-query: inurl:"/wp-content/plugins/extra-options-favicons/"
+ shodan-query: 'vuln:CVE-2025-23508'
+ tags: cve,wordpress,wp-plugin,extra-options-favicons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/extra-options-favicons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "extra-options-favicons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23510-bf1d5f95ad17e98fae073e19ffb31cef.yaml b/nuclei-templates/2025/CVE-2025-23510-bf1d5f95ad17e98fae073e19ffb31cef.yaml
new file mode 100644
index 0000000000..09d1ce2d5d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23510-bf1d5f95ad17e98fae073e19ffb31cef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23510-bf1d5f95ad17e98fae073e19ffb31cef
+
+info:
+ name: >
+ WordPress Logging Service <= 1.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WordPress Logging Service plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab15e532-406d-4e6f-ab5e-ae3631acc073?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23510
+ metadata:
+ fofa-query: "wp-content/plugins/wordpress-logging-service/"
+ google-query: inurl:"/wp-content/plugins/wordpress-logging-service/"
+ shodan-query: 'vuln:CVE-2025-23510'
+ tags: cve,wordpress,wp-plugin,wordpress-logging-service,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wordpress-logging-service/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wordpress-logging-service"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23511-f173cf6c6e51da24a97dcf7d9ad9a19f.yaml b/nuclei-templates/2025/CVE-2025-23511-f173cf6c6e51da24a97dcf7d9ad9a19f.yaml
new file mode 100644
index 0000000000..367d480f84
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23511-f173cf6c6e51da24a97dcf7d9ad9a19f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23511-f173cf6c6e51da24a97dcf7d9ad9a19f + +info: + name: > + WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP-BlackCheck plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b37099ed-153e-4df9-8141-9242ed36859d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23511 + metadata: + fofa-query: "wp-content/plugins/wp-blackcheck/" + google-query: inurl:"/wp-content/plugins/wp-blackcheck/" + shodan-query: 'vuln:CVE-2025-23511' + tags: cve,wordpress,wp-plugin,wp-blackcheck,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-blackcheck/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-blackcheck" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23512-d1339a0cee670430fe2398c81df71b52.yaml b/nuclei-templates/2025/CVE-2025-23512-d1339a0cee670430fe2398c81df71b52.yaml new file mode 100644 index 0000000000..aaa9429cec --- /dev/null 
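Review bot: `redirects: true` with `max-redirects: 3` in the request block lets the scanner follow a redirect to a different host, so the `readme.txt` that ends up fingerprinted may not belong to the target that was placed in scope. Nuclei offers `host-redirects: true` to follow redirects only on the same host; I would use it in place of `redirects: true` and keep `max-redirects: 3`. The identical request block appears in every template added in this change, starting with CVE-2025-23510.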
+++ b/nuclei-templates/2025/CVE-2025-23512-d1339a0cee670430fe2398c81df71b52.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23512-d1339a0cee670430fe2398c81df71b52 + +info: + name: > + Team 118GROUP Agent <= 1.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion + author: topscoder + severity: high + description: > + The Team 118GROUP Agent plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to delete arbitrary content. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03f3d048-5099-406e-b386-31cbbbf4df14?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-23512 + metadata: + fofa-query: "wp-content/plugins/team-118group-agent/" + google-query: inurl:"/wp-content/plugins/team-118group-agent/" + shodan-query: 'vuln:CVE-2025-23512' + tags: cve,wordpress,wp-plugin,team-118group-agent,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-118group-agent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-118group-agent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23513-ce995da6e13720fb0b4d6299761f13b0.yaml b/nuclei-templates/2025/CVE-2025-23513-ce995da6e13720fb0b4d6299761f13b0.yaml new file mode 100644 index 0000000000..e3af757086 --- /dev/null 
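Review bot: `severity: high` and the `high` entry in `tags` disagree with the `cvss-score: 5.3` recorded under `classification`, which is a medium rating under CVSS 3.1. The same overstatement is in CVE-2025-23514 (high against 5.3), and the mismatch runs the other way in CVE-2025-23528 (low against 8.8), CVE-2025-23562 (low against 8.1), CVE-2025-23530 (medium against 8.8) and CVE-2025-23532 (medium against 9.6). The understated ones matter most, because a scan or report filtered to high and critical severities will leave those templates out. I would derive both fields from the score, here `severity: medium` and `tags: cve,wordpress,wp-plugin,team-118group-agent,medium`.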
+++ b/nuclei-templates/2025/CVE-2025-23513-ce995da6e13720fb0b4d6299761f13b0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23513-ce995da6e13720fb0b4d6299761f13b0 + +info: + name: > + Bible Embed <= 0.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Bible Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33dcaf9b-4c4b-4c8a-a0b7-fa44b64525a3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23513 + metadata: + fofa-query: "wp-content/plugins/bible-embed/" + google-query: inurl:"/wp-content/plugins/bible-embed/" + shodan-query: 'vuln:CVE-2025-23513' + tags: cve,wordpress,wp-plugin,bible-embed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bible-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bible-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.4') \ No newline at end of file 
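Review bot: Both `version` extractors use `(?mi)Stable tag: ([0-9.]+)`, which needs exactly one space after the colon; a readme that writes the header with a tab or several spaces yields no version, the `dsl` comparison then presumably fails, and an install in the affected range goes unreported. I would loosen the pattern to `- '(?mi)Stable tag:\s*([0-9.]+)'`, single-quoted so that YAML leaves the backslash alone. The same pattern is used by every template added in this change.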
diff --git a/nuclei-templates/2025/CVE-2025-23514-c2de5e829b6f15c924fe5ab3fab243f0.yaml b/nuclei-templates/2025/CVE-2025-23514-c2de5e829b6f15c924fe5ab3fab243f0.yaml new file mode 100644 index 0000000000..587c00a264 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23514-c2de5e829b6f15c924fe5ab3fab243f0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23514-c2de5e829b6f15c924fe5ab3fab243f0 + +info: + name: > + Loginplus <= 1.2 - Missing Authorization + author: topscoder + severity: high + description: > + The Loginplus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/581e1d70-0280-443b-b319-7047325866e4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-23514 + metadata: + fofa-query: "wp-content/plugins/loginplus/" + google-query: inurl:"/wp-content/plugins/loginplus/" + shodan-query: 'vuln:CVE-2025-23514' + tags: cve,wordpress,wp-plugin,loginplus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23528-e75d6e32cb1a4ad22952a4f1bb6a8f7e.yaml b/nuclei-templates/2025/CVE-2025-23528-e75d6e32cb1a4ad22952a4f1bb6a8f7e.yaml new file mode 100644 index 0000000000..bc0fc33e48 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23528-e75d6e32cb1a4ad22952a4f1bb6a8f7e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23528-e75d6e32cb1a4ad22952a4f1bb6a8f7e + +info: + name: > + DD Roles <= 4.1 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + The DD Roles plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6001660c-4b18-473d-a07d-30e0f7af29d1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-23528 + metadata: + fofa-query: "wp-content/plugins/dd-roles/" + google-query: inurl:"/wp-content/plugins/dd-roles/" + shodan-query: 'vuln:CVE-2025-23528' + tags: cve,wordpress,wp-plugin,dd-roles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dd-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dd-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23530-b8d91521b9f03617c43f2b3b36f83cd5.yaml b/nuclei-templates/2025/CVE-2025-23530-b8d91521b9f03617c43f2b3b36f83cd5.yaml new file mode 100644 index 0000000000..b9b6a932b4 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23530-b8d91521b9f03617c43f2b3b36f83cd5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23530-b8d91521b9f03617c43f2b3b36f83cd5 + +info: + name: > + Custom Post Type Lockdown <= 1.11 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + The Custom Post Type Lockdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to elevate their privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6083c255-48df-498c-ad28-fa8a2e20c67a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-23530 + metadata: + fofa-query: "wp-content/plugins/custom-post-type-lockdown/" + google-query: inurl:"/wp-content/plugins/custom-post-type-lockdown/" + shodan-query: 'vuln:CVE-2025-23530' + tags: cve,wordpress,wp-plugin,custom-post-type-lockdown,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-lockdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-lockdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23532-d630fe26c8736c78957c12c48ecda7cc.yaml b/nuclei-templates/2025/CVE-2025-23532-d630fe26c8736c78957c12c48ecda7cc.yaml new file mode 100644 index 0000000000..d4c9c4417a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23532-d630fe26c8736c78957c12c48ecda7cc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23532-d630fe26c8736c78957c12c48ecda7cc + +info: + name: > + MyAnime Widget <= 1.0 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + The MyAnime Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to elevate their privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea13a80-c744-4de3-ac19-178b67e1afc4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H + cvss-score: 9.6 + cve-id: CVE-2025-23532 + metadata: + fofa-query: "wp-content/plugins/myanime-widget/" + google-query: inurl:"/wp-content/plugins/myanime-widget/" + shodan-query: 'vuln:CVE-2025-23532' + tags: cve,wordpress,wp-plugin,myanime-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myanime-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myanime-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23533-b3474f17dfb699ae2817c658cda3f63b.yaml b/nuclei-templates/2025/CVE-2025-23533-b3474f17dfb699ae2817c658cda3f63b.yaml new file mode 100644 index 0000000000..50eaee8ecb --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23533-b3474f17dfb699ae2817c658cda3f63b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23533-b3474f17dfb699ae2817c658cda3f63b + +info: + name: > + WP Lyrics <= 0.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Lyrics plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eab077f-0aeb-4dec-9ed2-8a09c4450d06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23533 + metadata: + fofa-query: "wp-content/plugins/wplyrics/" + google-query: inurl:"/wp-content/plugins/wplyrics/" + shodan-query: 'vuln:CVE-2025-23533' + tags: cve,wordpress,wp-plugin,wplyrics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplyrics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplyrics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23537-152f502789c84432b59123f35e7ba7e4.yaml b/nuclei-templates/2025/CVE-2025-23537-152f502789c84432b59123f35e7ba7e4.yaml new file mode 100644 index 0000000000..cb48da186d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23537-152f502789c84432b59123f35e7ba7e4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23537-152f502789c84432b59123f35e7ba7e4 + +info: + name: > + add custom google tag manager <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The add custom google tag manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cca9a0f3-7377-4411-a2e4-55574da614c0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23537 + metadata: + fofa-query: "wp-content/plugins/add-custom-google-tag-manager/" + google-query: inurl:"/wp-content/plugins/add-custom-google-tag-manager/" + shodan-query: 'vuln:CVE-2025-23537' + tags: cve,wordpress,wp-plugin,add-custom-google-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-custom-google-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-custom-google-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23547-988cd41a27d0d22add2c5a27ab9d2bbd.yaml b/nuclei-templates/2025/CVE-2025-23547-988cd41a27d0d22add2c5a27ab9d2bbd.yaml new file mode 100644 index 0000000000..97d7c86b62 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23547-988cd41a27d0d22add2c5a27ab9d2bbd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23547-988cd41a27d0d22add2c5a27ab9d2bbd + +info: + name: > + LH Login Page <= 2.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The LH Login Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/303f348b-846c-4aad-9193-36e056a02f71?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23547 + metadata: + fofa-query: "wp-content/plugins/lh-login-page/" + google-query: inurl:"/wp-content/plugins/lh-login-page/" + shodan-query: 'vuln:CVE-2025-23547' + tags: cve,wordpress,wp-plugin,lh-login-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lh-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lh-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23557-9f2a890d3d9a2e829029570bb54e63c9.yaml b/nuclei-templates/2025/CVE-2025-23557-9f2a890d3d9a2e829029570bb54e63c9.yaml new file mode 100644 index 0000000000..a3ce071aac --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23557-9f2a890d3d9a2e829029570bb54e63c9.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23557-9f2a890d3d9a2e829029570bb54e63c9 + +info: + name: > + Find Your Reps <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Find Your Reps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2096af8-1a09-4839-a9db-ce7ddd552b06?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23557 + metadata: + fofa-query: "wp-content/plugins/find-your-reps/" + google-query: inurl:"/wp-content/plugins/find-your-reps/" + shodan-query: 'vuln:CVE-2025-23557' + tags: cve,wordpress,wp-plugin,find-your-reps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-your-reps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-your-reps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23558-29a315aa1739a3ca3885824d0c2cd4a5.yaml b/nuclei-templates/2025/CVE-2025-23558-29a315aa1739a3ca3885824d0c2cd4a5.yaml new file mode 100644 index 0000000000..81fefb2b27 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23558-29a315aa1739a3ca3885824d0c2cd4a5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23558-29a315aa1739a3ca3885824d0c2cd4a5 + +info: + name: > + Geotagged Media <= 0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Geotagged Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb302392-bde0-4c29-adae-649110d032a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23558 + metadata: + fofa-query: "wp-content/plugins/geotagged-media/" + google-query: inurl:"/wp-content/plugins/geotagged-media/" + shodan-query: 'vuln:CVE-2025-23558' + tags: cve,wordpress,wp-plugin,geotagged-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geotagged-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geotagged-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23559-8132ee9e66e52d8c2f5589b9685f023a.yaml b/nuclei-templates/2025/CVE-2025-23559-8132ee9e66e52d8c2f5589b9685f023a.yaml new file mode 100644 index 0000000000..4616b5b349 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23559-8132ee9e66e52d8c2f5589b9685f023a.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23559-8132ee9e66e52d8c2f5589b9685f023a + +info: + name: > + MemeOne <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MemeOne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80e2f799-2cd7-414f-9701-2269eeecf22a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23559 + metadata: + fofa-query: "wp-content/plugins/memeone/" + google-query: inurl:"/wp-content/plugins/memeone/" + shodan-query: 'vuln:CVE-2025-23559' + tags: cve,wordpress,wp-plugin,memeone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memeone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memeone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23560-15d734274a10a772cf97518758e8b1b6.yaml b/nuclei-templates/2025/CVE-2025-23560-15d734274a10a772cf97518758e8b1b6.yaml new file mode 100644 index 0000000000..b632fa5424 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23560-15d734274a10a772cf97518758e8b1b6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23560-15d734274a10a772cf97518758e8b1b6 + +info: + name: > + Web Testimonials <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Web Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86d54e0c-39a8-435c-81a7-cbc35d9da11c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23560 + metadata: + fofa-query: "wp-content/plugins/web-testimonials/" + google-query: inurl:"/wp-content/plugins/web-testimonials/" + shodan-query: 'vuln:CVE-2025-23560' + tags: cve,wordpress,wp-plugin,web-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23562-5d84517b4b006a3ec243ba87396c537e.yaml b/nuclei-templates/2025/CVE-2025-23562-5d84517b4b006a3ec243ba87396c537e.yaml new file mode 100644 index 0000000000..210d20e666 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23562-5d84517b4b006a3ec243ba87396c537e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23562-5d84517b4b006a3ec243ba87396c537e + +info: + name: > + XLSXviewer <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + The XLSXviewer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca57c103-094b-4e1f-8875-75f883ff10a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2025-23562 + metadata: + fofa-query: "wp-content/plugins/xlsx-viewer/" + google-query: inurl:"/wp-content/plugins/xlsx-viewer/" + shodan-query: 'vuln:CVE-2025-23562' + tags: cve,wordpress,wp-plugin,xlsx-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xlsx-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xlsx-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23566-b1cd6e60802dc483a319dc1cf8b260b1.yaml b/nuclei-templates/2025/CVE-2025-23566-b1cd6e60802dc483a319dc1cf8b260b1.yaml
new file mode 100644
index 0000000000..795c6e0384
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23566-b1cd6e60802dc483a319dc1cf8b260b1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23566-b1cd6e60802dc483a319dc1cf8b260b1
+
+info:
+ name: >
+ Custom Post <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Custom Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/562f058a-d4dc-4b59-b11e-d942f4c8de52?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23566
+ metadata:
+ fofa-query: "wp-content/plugins/custom-post-type-gui/"
+ google-query: inurl:"/wp-content/plugins/custom-post-type-gui/"
+ shodan-query: 'vuln:CVE-2025-23566'
+ tags: cve,wordpress,wp-plugin,custom-post-type-gui,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/custom-post-type-gui/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "custom-post-type-gui"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23567-558215187541434bd43ff9a6f47e9fa1.yaml b/nuclei-templates/2025/CVE-2025-23567-558215187541434bd43ff9a6f47e9fa1.yaml
new file mode 100644
index 0000000000..b37b52a00e
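Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to any host, so the `Stable tag` match can come from a server other than the one being assessed and the scanner ends up sending requests outside the intended scope. For a fixed-path readme fetch, same-host following is enough: replace it with `host-redirects: true` and keep `max-redirects: 3`. The same two lines appear in every template added in this part of the diff (CVE-2025-23562 through CVE-2025-23625), so the change applies to each of them.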
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23567-558215187541434bd43ff9a6f47e9fa1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23567-558215187541434bd43ff9a6f47e9fa1
+
+info:
+ name: >
+ GDReseller <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The GDReseller plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb1095e8-41f0-4cce-8381-0ef79c3c73de?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23567
+ metadata:
+ fofa-query: "wp-content/plugins/gdreseller/"
+ google-query: inurl:"/wp-content/plugins/gdreseller/"
+ shodan-query: 'vuln:CVE-2025-23567'
+ tags: cve,wordpress,wp-plugin,gdreseller,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gdreseller/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gdreseller"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23569-e0088ea408705f0259d0619870d5c205.yaml b/nuclei-templates/2025/CVE-2025-23569-e0088ea408705f0259d0619870d5c205.yaml
new file mode 100644
index 0000000000..d138f2cf22
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23569-e0088ea408705f0259d0619870d5c205.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23569-e0088ea408705f0259d0619870d5c205
+
+info:
+ name: >
+ Shortcode in Comment <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Shortcode in Comment plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d25f12-e7dd-4b30-859e-351aaaa9edff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23569
+ metadata:
+ fofa-query: "wp-content/plugins/shortcode-in-comment/"
+ google-query: inurl:"/wp-content/plugins/shortcode-in-comment/"
+ shodan-query: 'vuln:CVE-2025-23569'
+ tags: cve,wordpress,wp-plugin,shortcode-in-comment,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/shortcode-in-comment/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "shortcode-in-comment"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
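Review bot: Nothing in the template says that a match is a version fingerprint only: the single request reads `readme.txt`, and the `dsl` matcher compares the extracted `Stable tag` with `1.1.1`, without touching the settings handler the description talks about. A site that removed or blocks `readme.txt` is missed, and a site carrying a patched build under an unchanged tag would be reported. I would add a comment above `http:` such as `# Version-based detection: compares the readme.txt "Stable tag" with the affected range; does not confirm the vulnerable code is reachable.` so results are triaged as needing confirmation. The other templates in this part of the diff use the same logic and would take the same comment.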
diff --git a/nuclei-templates/2025/CVE-2025-23572-bc94274a4cf2e65dc3217922f44203df.yaml b/nuclei-templates/2025/CVE-2025-23572-bc94274a4cf2e65dc3217922f44203df.yaml
new file mode 100644
index 0000000000..4bdf55961e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23572-bc94274a4cf2e65dc3217922f44203df.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23572-bc94274a4cf2e65dc3217922f44203df
+
+info:
+ name: >
+ UpDownUpDown <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The UpDownUpDown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e12494c-e777-4ee1-be70-7469141f968f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23572
+ metadata:
+ fofa-query: "wp-content/plugins/updownupdown-postcomment-voting/"
+ google-query: inurl:"/wp-content/plugins/updownupdown-postcomment-voting/"
+ shodan-query: 'vuln:CVE-2025-23572'
+ tags: cve,wordpress,wp-plugin,updownupdown-postcomment-voting,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/updownupdown-postcomment-voting/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "updownupdown-postcomment-voting"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23573-d67192c8b1a0ebb19070e5fdec8288ec.yaml b/nuclei-templates/2025/CVE-2025-23573-d67192c8b1a0ebb19070e5fdec8288ec.yaml
new file mode 100644
index 0000000000..f3f99689d4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23573-d67192c8b1a0ebb19070e5fdec8288ec.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23573-d67192c8b1a0ebb19070e5fdec8288ec
+
+info:
+ name: >
+ WP Background Tile <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Background Tile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/efaf589c-a808-4263-9734-3b335b06e7ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23573
+ metadata:
+ fofa-query: "wp-content/plugins/wp-background-tile/"
+ google-query: inurl:"/wp-content/plugins/wp-background-tile/"
+ shodan-query: 'vuln:CVE-2025-23573'
+ tags: cve,wordpress,wp-plugin,wp-background-tile,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-background-tile/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-background-tile"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23577-dc732fb0aa163352c8c8c2aebdd73725.yaml b/nuclei-templates/2025/CVE-2025-23577-dc732fb0aa163352c8c8c2aebdd73725.yaml
new file mode 100644
index 0000000000..0b720d00a3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23577-dc732fb0aa163352c8c8c2aebdd73725.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23577-dc732fb0aa163352c8c8c2aebdd73725
+
+info:
+ name: >
+ Word Freshener <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Word Freshener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/adf8c50a-c657-4452-8c6b-23c2a56b7b78?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23577
+ metadata:
+ fofa-query: "wp-content/plugins/word-freshener/"
+ google-query: inurl:"/wp-content/plugins/word-freshener/"
+ shodan-query: 'vuln:CVE-2025-23577'
+ tags: cve,wordpress,wp-plugin,word-freshener,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/word-freshener/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "word-freshener"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23578-df0eeea3c330c1cc77c9f1347f395faa.yaml b/nuclei-templates/2025/CVE-2025-23578-df0eeea3c330c1cc77c9f1347f395faa.yaml
new file mode 100644
index 0000000000..ebba9266f6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23578-df0eeea3c330c1cc77c9f1347f395faa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23578-df0eeea3c330c1cc77c9f1347f395faa
+
+info:
+ name: >
+ Custom CSS Addons <= 1.9.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Custom CSS Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfecc35a-30e2-4474-b727-ec2fcbf07e0c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23578
+ metadata:
+ fofa-query: "wp-content/plugins/css-addons/"
+ google-query: inurl:"/wp-content/plugins/css-addons/"
+ shodan-query: 'vuln:CVE-2025-23578'
+ tags: cve,wordpress,wp-plugin,css-addons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/css-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "css-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23580-bc81bf866b3c2034b731bbd3f6c9c477.yaml b/nuclei-templates/2025/CVE-2025-23580-bc81bf866b3c2034b731bbd3f6c9c477.yaml
new file mode 100644
index 0000000000..3049b856b9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23580-bc81bf866b3c2034b731bbd3f6c9c477.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23580-bc81bf866b3c2034b731bbd3f6c9c477
+
+info:
+ name: >
+ BizLibrary <= 1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The BizLibrary plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ce6b1fe-637b-4e2d-99e1-d23873d8f53f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23580
+ metadata:
+ fofa-query: "wp-content/plugins/bizlibrary/"
+ google-query: inurl:"/wp-content/plugins/bizlibrary/"
+ shodan-query: 'vuln:CVE-2025-23580'
+ tags: cve,wordpress,wp-plugin,bizlibrary,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bizlibrary/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bizlibrary"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23583-e53d4ae0b013ddf14a29ac29b1624f3e.yaml b/nuclei-templates/2025/CVE-2025-23583-e53d4ae0b013ddf14a29ac29b1624f3e.yaml
new file mode 100644
index 0000000000..839ce07d23
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23583-e53d4ae0b013ddf14a29ac29b1624f3e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23583-e53d4ae0b013ddf14a29ac29b1624f3e
+
+info:
+ name: >
+ Explara Membership <= 0.0.7 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Explara Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f9ea566-7492-4616-bd67-e6b7449370f1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23583
+ metadata:
+ fofa-query: "wp-content/plugins/explara-membership/"
+ google-query: inurl:"/wp-content/plugins/explara-membership/"
+ shodan-query: 'vuln:CVE-2025-23583'
+ tags: cve,wordpress,wp-plugin,explara-membership,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/explara-membership/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "explara-membership"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23592-5056823fdba92f7dce8fce55a5f5108c.yaml b/nuclei-templates/2025/CVE-2025-23592-5056823fdba92f7dce8fce55a5f5108c.yaml
new file mode 100644
index 0000000000..c7c07207b5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23592-5056823fdba92f7dce8fce55a5f5108c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23592-5056823fdba92f7dce8fce55a5f5108c
+
+info:
+ name: >
+ dForms <= 1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The dForms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aee79aa4-cb40-4a9c-a5f5-c22c5be509c0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23592
+ metadata:
+ fofa-query: "wp-content/plugins/dforms/"
+ google-query: inurl:"/wp-content/plugins/dforms/"
+ shodan-query: 'vuln:CVE-2025-23592'
+ tags: cve,wordpress,wp-plugin,dforms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dforms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dforms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
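Review bot: The word matcher `- "dforms"` is compared case-sensitively by default, while the template's own `name` spells the plugin "dForms"; if the readme only carries the display name, the `and` condition fails and an affected install goes unreported. Whether the lowercase slug appears in that readme cannot be seen from here, so this is a possible false negative rather than a confirmed one. Adding `case-insensitive: true` to that matcher removes the dependency; the version check on `Stable tag` already does the real filtering.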
diff --git a/nuclei-templates/2025/CVE-2025-23597-612324a48096a218a07014e9d8490343.yaml b/nuclei-templates/2025/CVE-2025-23597-612324a48096a218a07014e9d8490343.yaml
new file mode 100644
index 0000000000..e6df67473d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23597-612324a48096a218a07014e9d8490343.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23597-612324a48096a218a07014e9d8490343
+
+info:
+ name: >
+ Rio Photo Gallery <= 0.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Rio Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/106451c1-e0e7-4318-ac27-e17943874a8f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23597
+ metadata:
+ fofa-query: "wp-content/plugins/rio-photo-gallery/"
+ google-query: inurl:"/wp-content/plugins/rio-photo-gallery/"
+ shodan-query: 'vuln:CVE-2025-23597'
+ tags: cve,wordpress,wp-plugin,rio-photo-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rio-photo-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rio-photo-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23611-2c83c2a2085e00f89ceaa9aec9849e35.yaml b/nuclei-templates/2025/CVE-2025-23611-2c83c2a2085e00f89ceaa9aec9849e35.yaml
new file mode 100644
index 0000000000..76ca59ef00
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23611-2c83c2a2085e00f89ceaa9aec9849e35.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23611-2c83c2a2085e00f89ceaa9aec9849e35
+
+info:
+ name: >
+ WH Cache & Security <= 1.1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WH Cache & Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7d0c727-be79-4344-87de-86cdf3615874?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23611
+ metadata:
+ fofa-query: "wp-content/plugins/wh-cache-and-security/"
+ google-query: inurl:"/wp-content/plugins/wh-cache-and-security/"
+ shodan-query: 'vuln:CVE-2025-23611'
+ tags: cve,wordpress,wp-plugin,wh-cache-and-security,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wh-cache-and-security/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wh-cache-and-security"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23617-8697f3fde780cfc41952123e13655b39.yaml b/nuclei-templates/2025/CVE-2025-23617-8697f3fde780cfc41952123e13655b39.yaml
new file mode 100644
index 0000000000..035abdc1c9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23617-8697f3fde780cfc41952123e13655b39.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23617-8697f3fde780cfc41952123e13655b39
+
+info:
+ name: >
+ Floatbox Plus <= 1.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Floatbox Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e01e4ec-287b-405d-94c8-4627c54ede37?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23617
+ metadata:
+ fofa-query: "wp-content/plugins/floatbox-plus/"
+ google-query: inurl:"/wp-content/plugins/floatbox-plus/"
+ shodan-query: 'vuln:CVE-2025-23617'
+ tags: cve,wordpress,wp-plugin,floatbox-plus,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/floatbox-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "floatbox-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23618-81c365d90965c8c2582faadd01cd1f5a.yaml b/nuclei-templates/2025/CVE-2025-23618-81c365d90965c8c2582faadd01cd1f5a.yaml
new file mode 100644
index 0000000000..f86373e861
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23618-81c365d90965c8c2582faadd01cd1f5a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23618-81c365d90965c8c2582faadd01cd1f5a
+
+info:
+ name: >
+ Twitter Shortcode <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Twitter Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d9d6433-94c1-4e31-b16a-88b6ae6330c5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23618
+ metadata:
+ fofa-query: "wp-content/plugins/twitter-shortcode/"
+ google-query: inurl:"/wp-content/plugins/twitter-shortcode/"
+ shodan-query: 'vuln:CVE-2025-23618'
+ tags: cve,wordpress,wp-plugin,twitter-shortcode,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/twitter-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "twitter-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23620-e4306ac452f0e66aefe4ca1223b9d184.yaml b/nuclei-templates/2025/CVE-2025-23620-e4306ac452f0e66aefe4ca1223b9d184.yaml
new file mode 100644
index 0000000000..6e39bf8ed0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23620-e4306ac452f0e66aefe4ca1223b9d184.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23620-e4306ac452f0e66aefe4ca1223b9d184
+
+info:
+ name: >
+ Captchelfie – Captcha by Selfie <= 1.0.7 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Captchelfie – Captcha by Selfie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/89746f2b-4893-4e9b-841a-6f346cd8dac4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23620
+ metadata:
+ fofa-query: "wp-content/plugins/captchelfie-captcha-by-selfie/"
+ google-query: inurl:"/wp-content/plugins/captchelfie-captcha-by-selfie/"
+ shodan-query: 'vuln:CVE-2025-23620'
+ tags: cve,wordpress,wp-plugin,captchelfie-captcha-by-selfie,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/captchelfie-captcha-by-selfie/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "captchelfie-captcha-by-selfie"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23623-aed07214d8257439f1bb0c9ad9a4d426.yaml b/nuclei-templates/2025/CVE-2025-23623-aed07214d8257439f1bb0c9ad9a4d426.yaml new file mode 100644 index 0000000000..20c2702483 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23623-aed07214d8257439f1bb0c9ad9a4d426.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-23623-aed07214d8257439f1bb0c9ad9a4d426
+
+info:
+ name: >
+ Contact Form 7 – CCAvenue Add-on <= 1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Contact Form 7 – CCAvenue Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e12dcad4-747b-40ba-96f3-746fa2abef74?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23623
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-cc-avenue-add-on/"
+ google-query: inurl:"/wp-content/plugins/cf7-cc-avenue-add-on/"
+ shodan-query: 'vuln:CVE-2025-23623'
+ tags: cve,wordpress,wp-plugin,cf7-cc-avenue-add-on,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-cc-avenue-add-on/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-cc-avenue-add-on"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23625-a5fd68924525405f5359fc99f8a1149e.yaml b/nuclei-templates/2025/CVE-2025-23625-a5fd68924525405f5359fc99f8a1149e.yaml
new file mode 100644
index 0000000000..f311d2c393
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23625-a5fd68924525405f5359fc99f8a1149e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23625-a5fd68924525405f5359fc99f8a1149e
+
+info:
+ name: >
+ Unique UX <= 0.9.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Unique UX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/15d6cdb5-5259-46d5-8649-a3abcde4fb47?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23625
+ metadata:
+ fofa-query: "wp-content/plugins/unique-ux/"
+ google-query: inurl:"/wp-content/plugins/unique-ux/"
+ shodan-query: 'vuln:CVE-2025-23625'
+ tags: cve,wordpress,wp-plugin,unique-ux,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/unique-ux/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "unique-ux"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.9.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23627-1d7553dc4b645517a0e201ce7159e37d.yaml b/nuclei-templates/2025/CVE-2025-23627-1d7553dc4b645517a0e201ce7159e37d.yaml
new file mode 100644
index 0000000000..16c11e3c3a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23627-1d7553dc4b645517a0e201ce7159e37d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23627-1d7553dc4b645517a0e201ce7159e37d
+
+info:
+ name: >
+ Comment-Emailer <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Comment-Emailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a201e33b-bec2-4d84-8d05-9860bc37203d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23627
+ metadata:
+ fofa-query: "wp-content/plugins/comment-emailer/"
+ google-query: inurl:"/wp-content/plugins/comment-emailer/"
+ shodan-query: 'vuln:CVE-2025-23627'
+ tags: cve,wordpress,wp-plugin,comment-emailer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/comment-emailer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "comment-emailer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
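Review bot: Nothing in the template records that a match is inferred from the readme version alone: the request only reads `Stable tag` from readme.txt and compares it with `<= 1.0.5`, and the missing nonce check is never observed. A readme with a non-numeric stable tag, a removed readme, or a fix shipped without a version change would each give a wrong answer, so results are better triaged as "version indicates exposure" than as confirmed. I would add a comment above `http:` such as `# Version-based check: reads Stable tag from readme.txt; does not confirm the CSRF/XSS behaviour`. The other templates added in this part of the diff use the same readme comparison and would benefit from the same comment.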
diff --git a/nuclei-templates/2025/CVE-2025-23639-36ff044f1441fe5d2e3562c8e277c312.yaml b/nuclei-templates/2025/CVE-2025-23639-36ff044f1441fe5d2e3562c8e277c312.yaml
new file mode 100644
index 0000000000..c46409f8a3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23639-36ff044f1441fe5d2e3562c8e277c312.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23639-36ff044f1441fe5d2e3562c8e277c312
+
+info:
+ name: >
+ MDC YouTube Downloader <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The MDC YouTube Downloader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbdb8fad-93de-40c5-8e1e-6e8885bc8025?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23639
+ metadata:
+ fofa-query: "wp-content/plugins/mdc-youtube-downloader/"
+ google-query: inurl:"/wp-content/plugins/mdc-youtube-downloader/"
+ shodan-query: 'vuln:CVE-2025-23639'
+ tags: cve,wordpress,wp-plugin,mdc-youtube-downloader,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mdc-youtube-downloader"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
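Review bot: `redirects: true` with `max-redirects: 3` follows a redirect to any host, so the readme that gets matched may be served by a machine other than the scanned target, and the scan can send requests outside the agreed scope. Using `host-redirects: true` in place of `redirects: true` keeps the follow-up requests on the original host and ties the finding to the host that was actually assessed. The same three request lines are repeated in the other templates added in this part of the diff.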
diff --git a/nuclei-templates/2025/CVE-2025-23640-456eaea330d650cdce3b364fdff12076.yaml b/nuclei-templates/2025/CVE-2025-23640-456eaea330d650cdce3b364fdff12076.yaml
new file mode 100644
index 0000000000..91d3dd9a07
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23640-456eaea330d650cdce3b364fdff12076.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23640-456eaea330d650cdce3b364fdff12076
+
+info:
+ name: >
+ Rename Author Slug <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Rename Author Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/291c8df8-fd87-4554-b5e5-3d1f510dbfc2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23640
+ metadata:
+ fofa-query: "wp-content/plugins/rename-author-slug/"
+ google-query: inurl:"/wp-content/plugins/rename-author-slug/"
+ shodan-query: 'vuln:CVE-2025-23640'
+ tags: cve,wordpress,wp-plugin,rename-author-slug,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rename-author-slug/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rename-author-slug"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23641-a85f3d0041c0b65ab915e36b1b3b49d8.yaml b/nuclei-templates/2025/CVE-2025-23641-a85f3d0041c0b65ab915e36b1b3b49d8.yaml
new file mode 100644
index 0000000000..cb3aec834b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23641-a85f3d0041c0b65ab915e36b1b3b49d8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23641-a85f3d0041c0b65ab915e36b1b3b49d8
+
+info:
+ name: >
+ Powie's pLinks PagePeeker <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Powie's pLinks PagePeeker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae0ce4b-743b-476d-93b3-bd5006f49c51?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23641
+ metadata:
+ fofa-query: "wp-content/plugins/plinks/"
+ google-query: inurl:"/wp-content/plugins/plinks/"
+ shodan-query: 'vuln:CVE-2025-23641'
+ tags: cve,wordpress,wp-plugin,plinks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/plinks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "plinks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23642-b267df126497fd28b161f37538b4f705.yaml b/nuclei-templates/2025/CVE-2025-23642-b267df126497fd28b161f37538b4f705.yaml
new file mode 100644
index 0000000000..4326dda485
--- /dev/null
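Review bot: `severity: low` and the `low` entry in `tags` disagree with `cvss-score: 6.4` in the CVE-2025-23641 template, since 6.4 falls in the medium band (4.0–6.9) of the CVSS v3.1 rating scale. A scan or report filtered to medium and above would silently leave this template out. I would change the two lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,plinks,medium`. The CVE-2025-23642 and CVE-2025-23644 templates later in this diff carry the same low/6.4 pair.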
+++ b/nuclei-templates/2025/CVE-2025-23642-b267df126497fd28b161f37538b4f705.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23642-b267df126497fd28b161f37538b4f705
+
+info:
+ name: >
+ Sidebar-Content from Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Sidebar-Content from Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bf752e-56be-42fc-b2d7-0a9658287c3b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23642
+ metadata:
+ fofa-query: "wp-content/plugins/sidebar-content-from-shortcode/"
+ google-query: inurl:"/wp-content/plugins/sidebar-content-from-shortcode/"
+ shodan-query: 'vuln:CVE-2025-23642'
+ tags: cve,wordpress,wp-plugin,sidebar-content-from-shortcode,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sidebar-content-from-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sidebar-content-from-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23644-aeedb19c309c6248d816225bed506f24.yaml b/nuclei-templates/2025/CVE-2025-23644-aeedb19c309c6248d816225bed506f24.yaml
new file mode 100644
index 0000000000..4a838ca631
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23644-aeedb19c309c6248d816225bed506f24.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23644-aeedb19c309c6248d816225bed506f24
+
+info:
+ name: >
+ QuoteMedia Tools <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The QuoteMedia Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0446af38-540d-4f3c-bffc-eeee0ef10a20?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23644
+ metadata:
+ fofa-query: "wp-content/plugins/quotemedia-tools/"
+ google-query: inurl:"/wp-content/plugins/quotemedia-tools/"
+ shodan-query: 'vuln:CVE-2025-23644'
+ tags: cve,wordpress,wp-plugin,quotemedia-tools,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/quotemedia-tools/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "quotemedia-tools"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23649-0a9cb9d6c16a576192b6ed8c7404da25.yaml b/nuclei-templates/2025/CVE-2025-23649-0a9cb9d6c16a576192b6ed8c7404da25.yaml
new file mode 100644
index 0000000000..10a12c0edf
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23649-0a9cb9d6c16a576192b6ed8c7404da25.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23649-0a9cb9d6c16a576192b6ed8c7404da25
+
+info:
+ name: >
+ Auphonic Importer <= 1.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Auphonic Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/279877c9-17e1-4caa-98a7-ecd43ff17ca1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23649
+ metadata:
+ fofa-query: "wp-content/plugins/auphonic-importer/"
+ google-query: inurl:"/wp-content/plugins/auphonic-importer/"
+ shodan-query: 'vuln:CVE-2025-23649'
+ tags: cve,wordpress,wp-plugin,auphonic-importer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/auphonic-importer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "auphonic-importer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23654-426b4c8c486bc8288ce067da059d719d.yaml b/nuclei-templates/2025/CVE-2025-23654-426b4c8c486bc8288ce067da059d719d.yaml
new file mode 100644
index 0000000000..62d3e01c88
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23654-426b4c8c486bc8288ce067da059d719d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23654-426b4c8c486bc8288ce067da059d719d
+
+info:
+ name: >
+ Twitter Post <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Twitter Post plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dce917b5-d4d8-4d85-a249-2446386dbef6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23654
+ metadata:
+ fofa-query: "wp-content/plugins/twitterpost/"
+ google-query: inurl:"/wp-content/plugins/twitterpost/"
+ shodan-query: 'vuln:CVE-2025-23654'
+ tags: cve,wordpress,wp-plugin,twitterpost,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/twitterpost/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "twitterpost"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23659-1fd91ce3da398778cc2bc2a650fe9573.yaml b/nuclei-templates/2025/CVE-2025-23659-1fd91ce3da398778cc2bc2a650fe9573.yaml
new file mode 100644
index 0000000000..df0652afb2
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23659-1fd91ce3da398778cc2bc2a650fe9573.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23659-1fd91ce3da398778cc2bc2a650fe9573
+
+info:
+ name: >
+ MercadoLibre Integration <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The MercadoLibre Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f67c4315-b73d-4eac-8ded-0e5b3a937fec?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23659
+ metadata:
+ fofa-query: "wp-content/plugins/mercadolibre-integration/"
+ google-query: inurl:"/wp-content/plugins/mercadolibre-integration/"
+ shodan-query: 'vuln:CVE-2025-23659'
+ tags: cve,wordpress,wp-plugin,mercadolibre-integration,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mercadolibre-integration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mercadolibre-integration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23660-ff95227c172cfa1e37bde2b18250348f.yaml b/nuclei-templates/2025/CVE-2025-23660-ff95227c172cfa1e37bde2b18250348f.yaml
new file mode 100644
index 0000000000..3bdc10534a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23660-ff95227c172cfa1e37bde2b18250348f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23660-ff95227c172cfa1e37bde2b18250348f
+
+info:
+ name: >
+ MFPlugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The MFPlugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e95efa-1c34-4267-b93f-bb850f0a6e85?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23660
+ metadata:
+ fofa-query: "wp-content/plugins/mfplugin/"
+ google-query: inurl:"/wp-content/plugins/mfplugin/"
+ shodan-query: 'vuln:CVE-2025-23660'
+ tags: cve,wordpress,wp-plugin,mfplugin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mfplugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mfplugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23661-3afb1c9136822781e7089e85a9ccc158.yaml b/nuclei-templates/2025/CVE-2025-23661-3afb1c9136822781e7089e85a9ccc158.yaml
new file mode 100644
index 0000000000..7d09e4acb9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23661-3afb1c9136822781e7089e85a9ccc158.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23661-3afb1c9136822781e7089e85a9ccc158
+
+info:
+ name: >
+ NV Slider <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The NV Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1b0d129-1070-4399-8a1e-3d3ad34dc1a2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23661
+ metadata:
+ fofa-query: "wp-content/plugins/nv-slider/"
+ google-query: inurl:"/wp-content/plugins/nv-slider/"
+ shodan-query: 'vuln:CVE-2025-23661'
+ tags: cve,wordpress,wp-plugin,nv-slider,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nv-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nv-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23662-d9882dda019774515443bdca143791d5.yaml b/nuclei-templates/2025/CVE-2025-23662-d9882dda019774515443bdca143791d5.yaml
new file mode 100644
index 0000000000..109f7524a6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23662-d9882dda019774515443bdca143791d5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23662-d9882dda019774515443bdca143791d5
+
+info:
+ name: >
+ WP Panoramio <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Panoramio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b707d85-ba12-4f54-bd86-6f11d47515e0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23662
+ metadata:
+ fofa-query: "wp-content/plugins/wp-panoramio/"
+ google-query: inurl:"/wp-content/plugins/wp-panoramio/"
+ shodan-query: 'vuln:CVE-2025-23662'
+ tags: cve,wordpress,wp-plugin,wp-panoramio,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-panoramio/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-panoramio"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23664-010ac3ab6577b18ac5cd3b194a90081b.yaml b/nuclei-templates/2025/CVE-2025-23664-010ac3ab6577b18ac5cd3b194a90081b.yaml
new file mode 100644
index 0000000000..ae4ab374bd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23664-010ac3ab6577b18ac5cd3b194a90081b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23664-010ac3ab6577b18ac5cd3b194a90081b
+
+info:
+ name: >
+ Real Seguro Viagem <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Real Seguro Viagem plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0afaca-e58a-4b20-97ba-0125648a269b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23664
+ metadata:
+ fofa-query: "wp-content/plugins/seguro-viagem/"
+ google-query: inurl:"/wp-content/plugins/seguro-viagem/"
+ shodan-query: 'vuln:CVE-2025-23664'
+ tags: cve,wordpress,wp-plugin,seguro-viagem,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/seguro-viagem/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "seguro-viagem"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23665-392a6b20cf19a4c3a961d3acd9c16c73.yaml b/nuclei-templates/2025/CVE-2025-23665-392a6b20cf19a4c3a961d3acd9c16c73.yaml
new file mode 100644
index 0000000000..e848cb4250
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23665-392a6b20cf19a4c3a961d3acd9c16c73.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23665-392a6b20cf19a4c3a961d3acd9c16c73 + +info: + name: > + RSV GMaps <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The RSV GMaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b05ffc8-3f28-424b-aa3d-4132994b7376?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23665 + metadata: + fofa-query: "wp-content/plugins/rsv-google-maps/" + google-query: inurl:"/wp-content/plugins/rsv-google-maps/" + shodan-query: 'vuln:CVE-2025-23665' + tags: cve,wordpress,wp-plugin,rsv-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsv-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsv-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23672-3549cdc3c845d177bfc81b2f20afb7fb.yaml b/nuclei-templates/2025/CVE-2025-23672-3549cdc3c845d177bfc81b2f20afb7fb.yaml new file mode 100644 index 0000000000..891cf971d0 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23672-3549cdc3c845d177bfc81b2f20afb7fb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23672-3549cdc3c845d177bfc81b2f20afb7fb + +info: + name: > + Instant Appointment <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Instant Appointment plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5af3acba-9620-4038-bc0c-4be1596573ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23672 + metadata: + fofa-query: "wp-content/plugins/instant-appointment/" + google-query: inurl:"/wp-content/plugins/instant-appointment/" + shodan-query: 'vuln:CVE-2025-23672' + tags: cve,wordpress,wp-plugin,instant-appointment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-appointment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-appointment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23673-f2f99fd627b33c6b7ef182b841efabee.yaml b/nuclei-templates/2025/CVE-2025-23673-f2f99fd627b33c6b7ef182b841efabee.yaml new file mode 100644 index 0000000000..51ba9b964d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23673-f2f99fd627b33c6b7ef182b841efabee.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23673-f2f99fd627b33c6b7ef182b841efabee + +info: + name: > + Email on Publish <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Email on Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b32a446-9100-4ce7-ba82-ec5e44b4520e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23673 + metadata: + fofa-query: "wp-content/plugins/email-on-publish/" + google-query: inurl:"/wp-content/plugins/email-on-publish/" + shodan-query: 'vuln:CVE-2025-23673' + tags: cve,wordpress,wp-plugin,email-on-publish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-on-publish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-on-publish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23674-b93b6032b3478ac65e10691b57381345.yaml b/nuclei-templates/2025/CVE-2025-23674-b93b6032b3478ac65e10691b57381345.yaml new file mode 100644 index 0000000000..5e3f5f7ccf 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23674-b93b6032b3478ac65e10691b57381345.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23674-b93b6032b3478ac65e10691b57381345 + +info: + name: > + Bit.ly linker <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Bit.ly linker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2196197f-ccae-4893-b939-12980d20b9f6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23674 + metadata: + fofa-query: "wp-content/plugins/bitly-linker/" + google-query: inurl:"/wp-content/plugins/bitly-linker/" + shodan-query: 'vuln:CVE-2025-23674' + tags: cve,wordpress,wp-plugin,bitly-linker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bitly-linker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bitly-linker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23675-9358a54b6d9ff97ce29189d7e17dab95.yaml b/nuclei-templates/2025/CVE-2025-23675-9358a54b6d9ff97ce29189d7e17dab95.yaml new file mode 100644 index 0000000000..440f0b42fe 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23675-9358a54b6d9ff97ce29189d7e17dab95.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23675-9358a54b6d9ff97ce29189d7e17dab95 + +info: + name: > + Import Users to MailChimp <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Import Users to MailChimp plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16d41531-5250-421e-93d6-29176e1f252d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23675 + metadata: + fofa-query: "wp-content/plugins/import-users-to-mailchimp/" + google-query: inurl:"/wp-content/plugins/import-users-to-mailchimp/" + shodan-query: 'vuln:CVE-2025-23675' + tags: cve,wordpress,wp-plugin,import-users-to-mailchimp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-to-mailchimp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-to-mailchimp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23676-ae7eaf9fd20953e44904d4b709c9bf74.yaml b/nuclei-templates/2025/CVE-2025-23676-ae7eaf9fd20953e44904d4b709c9bf74.yaml new file mode 100644 index 0000000000..05e347652a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23676-ae7eaf9fd20953e44904d4b709c9bf74.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23676-ae7eaf9fd20953e44904d4b709c9bf74 + +info: + name: > + LH Email <= 1.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The LH Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00717a4e-0157-4dbd-81b4-d88b476b1964?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23676 + metadata: + fofa-query: "wp-content/plugins/lh-email/" + google-query: inurl:"/wp-content/plugins/lh-email/" + shodan-query: 'vuln:CVE-2025-23676' + tags: cve,wordpress,wp-plugin,lh-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lh-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lh-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23677-35060cf916cd599492b71f28c08edcab.yaml b/nuclei-templates/2025/CVE-2025-23677-35060cf916cd599492b71f28c08edcab.yaml new file mode 100644 index 0000000000..09e7790aaf --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23677-35060cf916cd599492b71f28c08edcab.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23677-35060cf916cd599492b71f28c08edcab + +info: + name: > + HTTP to HTTPS link changer by Eyga.net <= 0.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The HTTP to HTTPS link changer by Eyga.net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbbcc3f-b51b-4336-ab92-c6dca4c1510a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23677 + metadata: + fofa-query: "wp-content/plugins/https-links-in-content/" + google-query: inurl:"/wp-content/plugins/https-links-in-content/" + shodan-query: 'vuln:CVE-2025-23677' + tags: cve,wordpress,wp-plugin,https-links-in-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/https-links-in-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "https-links-in-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23678-e63dd7e2867d6b099fbcd86214a14ec0.yaml b/nuclei-templates/2025/CVE-2025-23678-e63dd7e2867d6b099fbcd86214a14ec0.yaml new file mode 100644 index 0000000000..c777908446 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23678-e63dd7e2867d6b099fbcd86214a14ec0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23678-e63dd7e2867d6b099fbcd86214a14ec0 + +info: + name: > + LocalGrid <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The LocalGrid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/302e80da-8a7e-4883-8e0f-658fff2579bd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23678 + metadata: + fofa-query: "wp-content/plugins/localgrid/" + google-query: inurl:"/wp-content/plugins/localgrid/" + shodan-query: 'vuln:CVE-2025-23678' + tags: cve,wordpress,wp-plugin,localgrid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/localgrid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "localgrid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23679-e325da549fbab3597e7e156f792eb2bf.yaml b/nuclei-templates/2025/CVE-2025-23679-e325da549fbab3597e7e156f792eb2bf.yaml new file mode 100644 index 0000000000..9bc39220b6 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23679-e325da549fbab3597e7e156f792eb2bf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23679-e325da549fbab3597e7e156f792eb2bf + +info: + name: > + FP RSS Category Excluder <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The FP RSS Category Excluder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f49721-13d6-4410-9dc5-6be69ada74a4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23679 + metadata: + fofa-query: "wp-content/plugins/fp-rss-category-excluder/" + google-query: inurl:"/wp-content/plugins/fp-rss-category-excluder/" + shodan-query: 'vuln:CVE-2025-23679' + tags: cve,wordpress,wp-plugin,fp-rss-category-excluder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fp-rss-category-excluder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fp-rss-category-excluder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23681-75f6de6a5c3006ff4570e2c4cf064582.yaml b/nuclei-templates/2025/CVE-2025-23681-75f6de6a5c3006ff4570e2c4cf064582.yaml new file mode 100644 index 0000000000..4344856ebe 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23681-75f6de6a5c3006ff4570e2c4cf064582.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23681-75f6de6a5c3006ff4570e2c4cf064582 + +info: + name: > + REDIRECTION PLUS <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The REDIRECTION PLUS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91da9275-0934-496e-9cf9-5f5e6eedfdff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23681 + metadata: + fofa-query: "wp-content/plugins/redirection-plus/" + google-query: inurl:"/wp-content/plugins/redirection-plus/" + shodan-query: 'vuln:CVE-2025-23681' + tags: cve,wordpress,wp-plugin,redirection-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23682-f5b80b6a11787534bec09a591785e90b.yaml b/nuclei-templates/2025/CVE-2025-23682-f5b80b6a11787534bec09a591785e90b.yaml new file mode 100644 index 0000000000..f7f54bc662 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23682-f5b80b6a11787534bec09a591785e90b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23682-f5b80b6a11787534bec09a591785e90b + +info: + name: > + Preloader Quotes <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Preloader Quotes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43443789-4ebe-49b9-a3fe-ba7e5a8d3a7d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23682 + metadata: + fofa-query: "wp-content/plugins/preloader-quotes/" + google-query: inurl:"/wp-content/plugins/preloader-quotes/" + shodan-query: 'vuln:CVE-2025-23682' + tags: cve,wordpress,wp-plugin,preloader-quotes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/preloader-quotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "preloader-quotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23683-f3dd67888ea1a5773495bb358ec51d91.yaml b/nuclei-templates/2025/CVE-2025-23683-f3dd67888ea1a5773495bb358ec51d91.yaml new file mode 100644 index 0000000000..b7b955705a --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23683-f3dd67888ea1a5773495bb358ec51d91.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23683-f3dd67888ea1a5773495bb358ec51d91 + +info: + name: > + MACME <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MACME plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db491dff-8301-4df8-a7b7-5024b145d038?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23683 + metadata: + fofa-query: "wp-content/plugins/macme/" + google-query: inurl:"/wp-content/plugins/macme/" + shodan-query: 'vuln:CVE-2025-23683' + tags: cve,wordpress,wp-plugin,macme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/macme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "macme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23684-82ef5911477713a046bd03e5b58935ca.yaml b/nuclei-templates/2025/CVE-2025-23684-82ef5911477713a046bd03e5b58935ca.yaml new file mode 100644 index 0000000000..d457cb93d5 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23684-82ef5911477713a046bd03e5b58935ca.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23684-82ef5911477713a046bd03e5b58935ca + +info: + name: > + Debug Tool <= 2.2 - Missing Authorization + author: topscoder + severity: low + description: > + The Debug Tool plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a73c2502-2bac-47b0-baf4-645314b2048b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23684 + metadata: + fofa-query: "wp-content/plugins/debug-tool/" + google-query: inurl:"/wp-content/plugins/debug-tool/" + shodan-query: 'vuln:CVE-2025-23684' + tags: cve,wordpress,wp-plugin,debug-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23686-686b37a9937f1973072218e09e2ce8d6.yaml b/nuclei-templates/2025/CVE-2025-23686-686b37a9937f1973072218e09e2ce8d6.yaml new file mode 100644 index 0000000000..1931e1d3de --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23686-686b37a9937f1973072218e09e2ce8d6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23686-686b37a9937f1973072218e09e2ce8d6 + +info: + name: > + Admin Menu Organizer <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Admin Menu Organizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b1d2d03-f96a-4495-bdf9-0f48ad9cefd6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23686 + metadata: + fofa-query: "wp-content/plugins/admin-menu-organizer/" + google-query: inurl:"/wp-content/plugins/admin-menu-organizer/" + shodan-query: 'vuln:CVE-2025-23686' + tags: cve,wordpress,wp-plugin,admin-menu-organizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-menu-organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-menu-organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23689-f15a16463dbaa7a0481796e33d997cd0.yaml b/nuclei-templates/2025/CVE-2025-23689-f15a16463dbaa7a0481796e33d997cd0.yaml new file mode 100644 index 0000000000..73a2f38098 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23689-f15a16463dbaa7a0481796e33d997cd0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23689-f15a16463dbaa7a0481796e33d997cd0
+
+info:
+ name: >
+ Blogger Image Import 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Blogger Image Import plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a879b624-1670-40f5-832a-63c9c850a953?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23689
+ metadata:
+ fofa-query: "wp-content/plugins/blogger-image-import/"
+ google-query: inurl:"/wp-content/plugins/blogger-image-import/"
+ shodan-query: 'vuln:CVE-2025-23689'
+ tags: cve,wordpress,wp-plugin,blogger-image-import,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blogger-image-import/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blogger-image-import"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '2.1')
\ No newline at end of file
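Review bot: The constraint in the last `dsl` matcher, `compare_versions(version, '2.1')`, carries no comparison operator, while the sibling templates in this diff all write one (`'<= …'`). The description limits the issue to version 2.1, so equality is presumably intended, but as written the result depends on how the constraint parser treats a bare version and whether a stable tag of `2.1.0` counts as equal to `2.1`. Writing the operator out, `- compare_versions(version, '= 2.1')`, makes the intent explicit, assuming the DSL accepts `=` as common constraint parsers do. It is worth confirming the behaviour against a readme that reports `2.1.0`.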
diff --git a/nuclei-templates/2025/CVE-2025-23690-d805ed2f7008f9a20cbe354a4d780e70.yaml b/nuclei-templates/2025/CVE-2025-23690-d805ed2f7008f9a20cbe354a4d780e70.yaml new file mode 100644 index 0000000000..3e95c6a96e --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23690-d805ed2f7008f9a20cbe354a4d780e70.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-23690-d805ed2f7008f9a20cbe354a4d780e70
+
+info:
+ name: >
+ Book a Place <= 0.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Book a Place plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.7.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/99d62147-f1bf-4146-a22d-d7d8486ed9e7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23690
+ metadata:
+ fofa-query: "wp-content/plugins/book-a-place/"
+ google-query: inurl:"/wp-content/plugins/book-a-place/"
+ shodan-query: 'vuln:CVE-2025-23690'
+ tags: cve,wordpress,wp-plugin,book-a-place,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/book-a-place/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "book-a-place"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23691-b1c9450cd6def075ed4b0aec0b7b6332.yaml b/nuclei-templates/2025/CVE-2025-23691-b1c9450cd6def075ed4b0aec0b7b6332.yaml
new file mode 100644
index 0000000000..cfb62c42a5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23691-b1c9450cd6def075ed4b0aec0b7b6332.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23691-b1c9450cd6def075ed4b0aec0b7b6332
+
+info:
+ name: >
+ Send to Twitter <= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Send to Twitter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec48620-4969-43ff-bf42-72188dba001a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23691
+ metadata:
+ fofa-query: "wp-content/plugins/send-to-twitter/"
+ google-query: inurl:"/wp-content/plugins/send-to-twitter/"
+ shodan-query: 'vuln:CVE-2025-23691'
+ tags: cve,wordpress,wp-plugin,send-to-twitter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/send-to-twitter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "send-to-twitter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23692-7a813cba552421f0cf82f20de584d9f9.yaml b/nuclei-templates/2025/CVE-2025-23692-7a813cba552421f0cf82f20de584d9f9.yaml
new file mode 100644
index 0000000000..beb98151a6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23692-7a813cba552421f0cf82f20de584d9f9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23692-7a813cba552421f0cf82f20de584d9f9
+
+info:
+ name: >
+ Slider for Writers <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Slider for Writers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6847492-6204-40ae-b971-8eeb1a10ce23?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23692
+ metadata:
+ fofa-query: "wp-content/plugins/slider-for-writers/"
+ google-query: inurl:"/wp-content/plugins/slider-for-writers/"
+ shodan-query: 'vuln:CVE-2025-23692'
+ tags: cve,wordpress,wp-plugin,slider-for-writers,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slider-for-writers/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slider-for-writers"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23693-1fc85f2f6d880f4611bd2143bc209e2f.yaml b/nuclei-templates/2025/CVE-2025-23693-1fc85f2f6d880f4611bd2143bc209e2f.yaml
new file mode 100644
index 0000000000..e5124530d7
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23693-1fc85f2f6d880f4611bd2143bc209e2f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23693-1fc85f2f6d880f4611bd2143bc209e2f
+
+info:
+ name: >
+ Secure CAPTCHA <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Secure CAPTCHA plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3f3b97-f6f5-44c3-9caa-f8a387b819e6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23693
+ metadata:
+ fofa-query: "wp-content/plugins/secure-captcha/"
+ google-query: inurl:"/wp-content/plugins/secure-captcha/"
+ shodan-query: 'vuln:CVE-2025-23693'
+ tags: cve,wordpress,wp-plugin,secure-captcha,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/secure-captcha/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "secure-captcha"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23694-0c7825634ab7b2ed5114b1215b60ab82.yaml b/nuclei-templates/2025/CVE-2025-23694-0c7825634ab7b2ed5114b1215b60ab82.yaml
new file mode 100644
index 0000000000..a8eb47b56c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23694-0c7825634ab7b2ed5114b1215b60ab82.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23694-0c7825634ab7b2ed5114b1215b60ab82
+
+info:
+ name: >
+ Shabbos and Yom Tov <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Shabbos and Yom Tov plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/de8abfac-f25e-41a4-8e94-ab01b105f3b4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23694
+ metadata:
+ fofa-query: "wp-content/plugins/shabbos-and-yom-tov/"
+ google-query: inurl:"/wp-content/plugins/shabbos-and-yom-tov/"
+ shodan-query: 'vuln:CVE-2025-23694'
+ tags: cve,wordpress,wp-plugin,shabbos-and-yom-tov,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/shabbos-and-yom-tov/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "shabbos-and-yom-tov"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23698-2177072a219d1767f2fc90340f73b364.yaml b/nuclei-templates/2025/CVE-2025-23698-2177072a219d1767f2fc90340f73b364.yaml
new file mode 100644
index 0000000000..0021768f88
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23698-2177072a219d1767f2fc90340f73b364.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23698-2177072a219d1767f2fc90340f73b364
+
+info:
+ name: >
+ WP Custom Google Search <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Custom Google Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/716d4f0b-939c-42c2-bfb8-dc39df79bdbc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23698
+ metadata:
+ fofa-query: "wp-content/plugins/wp-custom-google-search/"
+ google-query: inurl:"/wp-content/plugins/wp-custom-google-search/"
+ shodan-query: 'vuln:CVE-2025-23698'
+ tags: cve,wordpress,wp-plugin,wp-custom-google-search,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-custom-google-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-custom-google-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23699-b8022722c3b73f715dc8624997ae00b1.yaml b/nuclei-templates/2025/CVE-2025-23699-b8022722c3b73f715dc8624997ae00b1.yaml
new file mode 100644
index 0000000000..9c45e85efa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23699-b8022722c3b73f715dc8624997ae00b1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23699-b8022722c3b73f715dc8624997ae00b1
+
+info:
+ name: >
+ Event Countdown Timer Plugin by TechMix <= 1.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Event Countdown Timer Plugin by TechMix plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e05a0a28-cc3b-44ed-b815-5f6e5d75007e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23699
+ metadata:
+ fofa-query: "wp-content/plugins/event-countdown-timer/"
+ google-query: inurl:"/wp-content/plugins/event-countdown-timer/"
+ shodan-query: 'vuln:CVE-2025-23699'
+ tags: cve,wordpress,wp-plugin,event-countdown-timer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/event-countdown-timer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "event-countdown-timer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
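Review bot: Nothing in the `info` block says that this template, titled as a Reflected Cross-Site Scripting check, infers the result only from the `Stable tag` line of readme.txt and never touches the affected parameter. A readme whose stable tag is `trunk` is not matched by `([0-9.]+)`, and a tag that was not updated with the release does not reflect the installed version, so a hit is a triage indicator and a miss is not evidence of a fixed install. I would add a comment above `http:` such as `# Version-based detection only: reads "Stable tag" from readme.txt and does not exercise the vulnerable code path.` The other reflected-XSS template in this part of the diff, CVE-2025-23706, would take the same comment.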
diff --git a/nuclei-templates/2025/CVE-2025-23702-c23d115375b85c9057dbdf3d952e83e6.yaml b/nuclei-templates/2025/CVE-2025-23702-c23d115375b85c9057dbdf3d952e83e6.yaml
new file mode 100644
index 0000000000..5243bc87c7
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23702-c23d115375b85c9057dbdf3d952e83e6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23702-c23d115375b85c9057dbdf3d952e83e6
+
+info:
+ name: >
+ Anonymize Links <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Anonymize Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e177c03c-20bd-4135-b72f-fbceab88a117?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23702
+ metadata:
+ fofa-query: "wp-content/plugins/anonymize-links/"
+ google-query: inurl:"/wp-content/plugins/anonymize-links/"
+ shodan-query: 'vuln:CVE-2025-23702'
+ tags: cve,wordpress,wp-plugin,anonymize-links,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/anonymize-links/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "anonymize-links"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23703-2a43a82a9c424933c1d1155709e45700.yaml b/nuclei-templates/2025/CVE-2025-23703-2a43a82a9c424933c1d1155709e45700.yaml
new file mode 100644
index 0000000000..c85a0b0d2b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23703-2a43a82a9c424933c1d1155709e45700.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23703-2a43a82a9c424933c1d1155709e45700
+
+info:
+ name: >
+ Free MailClient FMC <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Free MailClient FMC plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/49fe6b97-2c5d-4829-a72f-2bcbc10550b5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23703
+ metadata:
+ fofa-query: "wp-content/plugins/mailclient/"
+ google-query: inurl:"/wp-content/plugins/mailclient/"
+ shodan-query: 'vuln:CVE-2025-23703'
+ tags: cve,wordpress,wp-plugin,mailclient,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mailclient/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mailclient"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23706-c462181b959ae53e63a26ba103a4bf62.yaml b/nuclei-templates/2025/CVE-2025-23706-c462181b959ae53e63a26ba103a4bf62.yaml
new file mode 100644
index 0000000000..37ea09d885
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23706-c462181b959ae53e63a26ba103a4bf62.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23706-c462181b959ae53e63a26ba103a4bf62
+
+info:
+ name: >
+ Jet Skinner for BuddyPress <= 1.2.5 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Jet Skinner for BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7594a0ed-cde4-4575-b155-e3717f0fee90?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23706
+ metadata:
+ fofa-query: "wp-content/plugins/jet-skinner-for-buddypress/"
+ google-query: inurl:"/wp-content/plugins/jet-skinner-for-buddypress/"
+ shodan-query: 'vuln:CVE-2025-23706'
+ tags: cve,wordpress,wp-plugin,jet-skinner-for-buddypress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/jet-skinner-for-buddypress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "jet-skinner-for-buddypress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23708-86f097bcd938b03e37a4555ce6e11848.yaml b/nuclei-templates/2025/CVE-2025-23708-86f097bcd938b03e37a4555ce6e11848.yaml
new file mode 100644
index 0000000000..12ea45b87f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23708-86f097bcd938b03e37a4555ce6e11848.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23708-86f097bcd938b03e37a4555ce6e11848
+
+info:
+ name: >
+ DF Draggable <= 1.13.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The DF Draggable plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b0c6d8a-f673-4f04-92dc-88ccbc6ff9c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23708
+ metadata:
+ fofa-query: "wp-content/plugins/df-draggable/"
+ google-query: inurl:"/wp-content/plugins/df-draggable/"
+ shodan-query: 'vuln:CVE-2025-23708'
+ tags: cve,wordpress,wp-plugin,df-draggable,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/df-draggable/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "df-draggable"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23710-1014513c6ef8e5de1a0bfc6ff2ee7cd1.yaml b/nuclei-templates/2025/CVE-2025-23710-1014513c6ef8e5de1a0bfc6ff2ee7cd1.yaml
new file mode 100644
index 0000000000..15085b87cb
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23710-1014513c6ef8e5de1a0bfc6ff2ee7cd1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23710-1014513c6ef8e5de1a0bfc6ff2ee7cd1
+
+info:
+ name: >
+ Flying Twitter Birds <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Flying Twitter Birds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecddca6d-c977-47e8-a91c-7cf3f59f668b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23710
+ metadata:
+ fofa-query: "wp-content/plugins/flying-twitter-birds/"
+ google-query: inurl:"/wp-content/plugins/flying-twitter-birds/"
+ shodan-query: 'vuln:CVE-2025-23710'
+ tags: cve,wordpress,wp-plugin,flying-twitter-birds,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/flying-twitter-birds/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "flying-twitter-birds"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23712-78c28c2f5323de5694333a34bef53920.yaml b/nuclei-templates/2025/CVE-2025-23712-78c28c2f5323de5694333a34bef53920.yaml
new file mode 100644
index 0000000000..58ec4e875f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23712-78c28c2f5323de5694333a34bef53920.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23712-78c28c2f5323de5694333a34bef53920
+
+info:
+ name: >
+ Kapost <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Kapost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e392355-ff56-47c3-a836-04ef8ae84602?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23712
+ metadata:
+ fofa-query: "wp-content/plugins/kapost-byline/"
+ google-query: inurl:"/wp-content/plugins/kapost-byline/"
+ shodan-query: 'vuln:CVE-2025-23712'
+ tags: cve,wordpress,wp-plugin,kapost-byline,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kapost-byline/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kapost-byline"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23713-130c3837e182b1971727218c91e4015a.yaml b/nuclei-templates/2025/CVE-2025-23713-130c3837e182b1971727218c91e4015a.yaml
new file mode 100644
index 0000000000..c1a8c7dda0
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23713-130c3837e182b1971727218c91e4015a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23713-130c3837e182b1971727218c91e4015a
+
+info:
+ name: >
+ Hack me if you can <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Hack me if you can plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/18ea9880-817f-41d0-a552-b43deac46bb3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23713
+ metadata:
+ fofa-query: "wp-content/plugins/hack-me-if-you-can/"
+ google-query: inurl:"/wp-content/plugins/hack-me-if-you-can/"
+ shodan-query: 'vuln:CVE-2025-23713'
+ tags: cve,wordpress,wp-plugin,hack-me-if-you-can,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hack-me-if-you-can/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "hack-me-if-you-can"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23715-bc39e77ae47ebebbce6efdc0083be4b7.yaml b/nuclei-templates/2025/CVE-2025-23715-bc39e77ae47ebebbce6efdc0083be4b7.yaml
new file mode 100644
index 0000000000..f1fb1eb709
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23715-bc39e77ae47ebebbce6efdc0083be4b7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23715-bc39e77ae47ebebbce6efdc0083be4b7
+
+info:
+ name: >
+ Post & Page Notes <= 0.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Post & Page Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bbb9f63-b572-464f-b317-73808953a04d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23715
+ metadata:
+ fofa-query: "wp-content/plugins/post-page-notes/"
+ google-query: inurl:"/wp-content/plugins/post-page-notes/"
+ shodan-query: 'vuln:CVE-2025-23715'
+ tags: cve,wordpress,wp-plugin,post-page-notes,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-page-notes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-page-notes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23717-5c0bbc23c4e3d1c2e306cd180966f556.yaml b/nuclei-templates/2025/CVE-2025-23717-5c0bbc23c4e3d1c2e306cd180966f556.yaml
new file mode 100644
index 0000000000..289f17de53
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23717-5c0bbc23c4e3d1c2e306cd180966f556.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23717-5c0bbc23c4e3d1c2e306cd180966f556
+
+info:
+ name: >
+ Theme My Ontraport Smartform <= 1.2.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Theme My Ontraport Smartform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9548bd-4064-4ef8-9f35-5d05bba7f190?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23717
+ metadata:
+ fofa-query: "wp-content/plugins/theme-my-ontraport-smartform/"
+ google-query: inurl:"/wp-content/plugins/theme-my-ontraport-smartform/"
+ shodan-query: 'vuln:CVE-2025-23717'
+ tags: cve,wordpress,wp-plugin,theme-my-ontraport-smartform,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/theme-my-ontraport-smartform/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "theme-my-ontraport-smartform"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.11')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23720-a730a240d7af9b1617286fae57fb099e.yaml b/nuclei-templates/2025/CVE-2025-23720-a730a240d7af9b1617286fae57fb099e.yaml
new file mode 100644
index 0000000000..da34cefc7e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23720-a730a240d7af9b1617286fae57fb099e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23720-a730a240d7af9b1617286fae57fb099e
+
+info:
+ name: >
+ Web Push <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Web Push plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a869248a-a3ff-4a5b-b980-ecd2c2aafa98?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23720
+ metadata:
+ fofa-query: "wp-content/plugins/web-push/"
+ google-query: inurl:"/wp-content/plugins/web-push/"
+ shodan-query: 'vuln:CVE-2025-23720'
+ tags: cve,wordpress,wp-plugin,web-push,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/web-push/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "web-push"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23743-a5f092037dfc3a96db163aa825033ed7.yaml b/nuclei-templates/2025/CVE-2025-23743-a5f092037dfc3a96db163aa825033ed7.yaml
new file mode 100644
index 0000000000..188785145e
--- /dev/null
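Review bot: The CVE-2025-23720 template never touches the vulnerable function; its only evidence is the `Stable tag` line of readme.txt compared with `<= 1.4.0`, so a match means that this version string was served, not that the CSRF was confirmed. A readme whose stable tag is not numeric (for example `trunk`) fails the `([0-9.]+)` capture and the site is skipped without any signal. The description should say so, for example by appending `Detection is based on the version in readme.txt only; confirm the installed plugin version before triaging.` The same holds for every other template in this commit, since they share the extractor and matcher block.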
+++ b/nuclei-templates/2025/CVE-2025-23743-a5f092037dfc3a96db163aa825033ed7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23743-a5f092037dfc3a96db163aa825033ed7
+
+info:
+ name: >
+ Social Analytics <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Social Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/99258980-2be8-4590-bf47-576bd1ae4535?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23743
+ metadata:
+ fofa-query: "wp-content/plugins/social-analytics/"
+ google-query: inurl:"/wp-content/plugins/social-analytics/"
+ shodan-query: 'vuln:CVE-2025-23743'
+ tags: cve,wordpress,wp-plugin,social-analytics,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/social-analytics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "social-analytics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2')
\ No newline at end of file
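Review bot: `name: >` and `description: >` in the CVE-2025-23743 template are folded scalars with default clipping, so both parsed values end in a newline that travels with the template name into any consumer that does not trim it. `name: >-` and `description: >-` strip it. The file also ends without a final newline, as the `\ No newline at end of file` marker shows. Both points apply to every template added in this commit.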
diff --git a/nuclei-templates/2025/CVE-2025-23745-46853a67c9315678f202ac5d34f031de.yaml b/nuclei-templates/2025/CVE-2025-23745-46853a67c9315678f202ac5d34f031de.yaml
new file mode 100644
index 0000000000..f95e4220fa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23745-46853a67c9315678f202ac5d34f031de.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23745-46853a67c9315678f202ac5d34f031de
+
+info:
+ name: >
+ Call me Now <= 1.0.5 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The WordPress Call me Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aef56a34-b98e-4759-bd3f-37fb6f8b18e9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23745
+ metadata:
+ fofa-query: "wp-content/plugins/call-me-now/"
+ google-query: inurl:"/wp-content/plugins/call-me-now/"
+ shodan-query: 'vuln:CVE-2025-23745'
+ tags: cve,wordpress,wp-plugin,call-me-now,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/call-me-now/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "call-me-now"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23749-bd3403cf83736c3e06b0c6a56890cdee.yaml b/nuclei-templates/2025/CVE-2025-23749-bd3403cf83736c3e06b0c6a56890cdee.yaml
new file mode 100644
index 0000000000..15819b671d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23749-bd3403cf83736c3e06b0c6a56890cdee.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23749-bd3403cf83736c3e06b0c6a56890cdee
+
+info:
+ name: >
+ mybb Last Topics <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The mybb Last Topics plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c27f2d6c-826b-4b17-b432-cd142f96ce7a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23749
+ metadata:
+ fofa-query: "wp-content/plugins/mybb-last-topics/"
+ google-query: inurl:"/wp-content/plugins/mybb-last-topics/"
+ shodan-query: 'vuln:CVE-2025-23749'
+ tags: cve,wordpress,wp-plugin,mybb-last-topics,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mybb-last-topics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mybb-last-topics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23758-2dbaea160d25538f06a24151dafc6cf3.yaml b/nuclei-templates/2025/CVE-2025-23758-2dbaea160d25538f06a24151dafc6cf3.yaml
new file mode 100644
index 0000000000..c930acde1f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23758-2dbaea160d25538f06a24151dafc6cf3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23758-2dbaea160d25538f06a24151dafc6cf3
+
+info:
+ name: >
+ Pootle button <= 1.2.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Pootle button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/20087364-11d6-4346-8b80-c3a3739598f9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23758
+ metadata:
+ fofa-query: "wp-content/plugins/pootle-button/"
+ google-query: inurl:"/wp-content/plugins/pootle-button/"
+ shodan-query: 'vuln:CVE-2025-23758'
+ tags: cve,wordpress,wp-plugin,pootle-button,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pootle-button/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pootle-button"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23760-d94a2acacebfde2115d7001f90af2721.yaml b/nuclei-templates/2025/CVE-2025-23760-d94a2acacebfde2115d7001f90af2721.yaml
new file mode 100644
index 0000000000..49571ffecf
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23760-d94a2acacebfde2115d7001f90af2721.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23760-d94a2acacebfde2115d7001f90af2721
+
+info:
+ name: >
+ Chatter <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Chatter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/38743972-a82c-451e-a637-7812222de7a4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23760
+ metadata:
+ fofa-query: "wp-content/plugins/chatter/"
+ google-query: inurl:"/wp-content/plugins/chatter/"
+ shodan-query: 'vuln:CVE-2025-23760'
+ tags: cve,wordpress,wp-plugin,chatter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/chatter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "chatter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23761-59e16945ea678b1bffd3cd45e6b559d7.yaml b/nuclei-templates/2025/CVE-2025-23761-59e16945ea678b1bffd3cd45e6b559d7.yaml
new file mode 100644
index 0000000000..8cfd36e6a7
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23761-59e16945ea678b1bffd3cd45e6b559d7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23761-59e16945ea678b1bffd3cd45e6b559d7
+
+info:
+ name: >
+ Woo Tuner <= 0.1.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Woo Tuner plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/84e9c24c-5507-446d-9bfd-f01244f43449?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23761
+ metadata:
+ fofa-query: "wp-content/plugins/woo-tuner/"
+ google-query: inurl:"/wp-content/plugins/woo-tuner/"
+ shodan-query: 'vuln:CVE-2025-23761'
+ tags: cve,wordpress,wp-plugin,woo-tuner,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-tuner/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-tuner"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1.2')
\ No newline at end of file
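Review bot: `severity: low` and the `low` entry in `tags` of the CVE-2025-23761 template disagree with its own `cvss-score: 4.3`, which is Medium on the CVSS v3.1 qualitative scale (4.0–6.9). The same mismatch appears in CVE-2025-23764 (`high` with 5.3), CVE-2025-23767, -23772, -23775 and -23777 (`low` with 6.4), CVE-2025-23776 and -23778 (`low` with 4.3) and CVE-2025-23779 (`low` with 4.9). Anyone filtering scan results by severity will drop or over-prioritise these findings. If the label follows a different rule, perhaps the level of authentication required, that rule should be documented; otherwise derive it from the score, here `severity: medium` and `tags: cve,wordpress,wp-plugin,woo-tuner,medium`.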
diff --git a/nuclei-templates/2025/CVE-2025-23764-c4a6c240c0e7ece3f97b4eef02996b39.yaml b/nuclei-templates/2025/CVE-2025-23764-c4a6c240c0e7ece3f97b4eef02996b39.yaml
new file mode 100644
index 0000000000..cad31b6a27
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23764-c4a6c240c0e7ece3f97b4eef02996b39.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23764-c4a6c240c0e7ece3f97b4eef02996b39
+
+info:
+ name: >
+ Copy Move Posts <= 1.6 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Copy Move Posts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/71e03764-f8e8-467c-8657-e4b44bdbdc35?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-23764
+ metadata:
+ fofa-query: "wp-content/plugins/copy-move-posts/"
+ google-query: inurl:"/wp-content/plugins/copy-move-posts/"
+ shodan-query: 'vuln:CVE-2025-23764'
+ tags: cve,wordpress,wp-plugin,copy-move-posts,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/copy-move-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "copy-move-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23765-c090ce2a31e4dcd829faed4976cdb35d.yaml b/nuclei-templates/2025/CVE-2025-23765-c090ce2a31e4dcd829faed4976cdb35d.yaml
new file mode 100644
index 0000000000..bf544190d1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23765-c090ce2a31e4dcd829faed4976cdb35d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23765-c090ce2a31e4dcd829faed4976cdb35d
+
+info:
+ name: >
+ W3SPEEDSTER <= 7.33 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The W3SPEEDSTER plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.33. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec46ab73-8429-4cfc-8867-1ee1db22b43c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23765
+ metadata:
+ fofa-query: "wp-content/plugins/w3speedster-wp/"
+ google-query: inurl:"/wp-content/plugins/w3speedster-wp/"
+ shodan-query: 'vuln:CVE-2025-23765'
+ tags: cve,wordpress,wp-plugin,w3speedster-wp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/w3speedster-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "w3speedster-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.33')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23767-675be86b15a579fd9f2a02234121f970.yaml b/nuclei-templates/2025/CVE-2025-23767-675be86b15a579fd9f2a02234121f970.yaml
new file mode 100644
index 0000000000..0cbba429a7
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23767-675be86b15a579fd9f2a02234121f970.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23767-675be86b15a579fd9f2a02234121f970
+
+info:
+ name: >
+ Marmoset Viewer <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Marmoset Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1780e19e-5836-4601-a2e8-a758b245f14f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23767
+ metadata:
+ fofa-query: "wp-content/plugins/marmoset-viewer/"
+ google-query: inurl:"/wp-content/plugins/marmoset-viewer/"
+ shodan-query: 'vuln:CVE-2025-23767'
+ tags: cve,wordpress,wp-plugin,marmoset-viewer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/marmoset-viewer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "marmoset-viewer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23772-42271f6e315e0a7f831cb95aad2611a0.yaml b/nuclei-templates/2025/CVE-2025-23772-42271f6e315e0a7f831cb95aad2611a0.yaml
new file mode 100644
index 0000000000..04d0bc9932
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23772-42271f6e315e0a7f831cb95aad2611a0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23772-42271f6e315e0a7f831cb95aad2611a0
+
+info:
+ name: >
+ imaGenius <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The imaGenius plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfc0403-48cb-443e-b55f-b8692aaad180?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23772
+ metadata:
+ fofa-query: "wp-content/plugins/imagenius/"
+ google-query: inurl:"/wp-content/plugins/imagenius/"
+ shodan-query: 'vuln:CVE-2025-23772'
+ tags: cve,wordpress,wp-plugin,imagenius,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/imagenius/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "imagenius"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23774-047209b9e130411078c80ac04dc602bc.yaml b/nuclei-templates/2025/CVE-2025-23774-047209b9e130411078c80ac04dc602bc.yaml
new file mode 100644
index 0000000000..4374166ab1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23774-047209b9e130411078c80ac04dc602bc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23774-047209b9e130411078c80ac04dc602bc
+
+info:
+ name: >
+ WPDB to Sql <= 1.2 - Unauthenticated Sensitive Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The WPDB to Sql plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b77b06-5f59-418a-8c94-498b2df252ad?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-23774
+ metadata:
+ fofa-query: "wp-content/plugins/wpdb-to-sql/"
+ google-query: inurl:"/wp-content/plugins/wpdb-to-sql/"
+ shodan-query: 'vuln:CVE-2025-23774'
+ tags: cve,wordpress,wp-plugin,wpdb-to-sql,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpdb-to-sql/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpdb-to-sql"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23775-b88d1f2a4725311d4fa8c7768008043d.yaml b/nuclei-templates/2025/CVE-2025-23775-b88d1f2a4725311d4fa8c7768008043d.yaml
new file mode 100644
index 0000000000..47983bb83c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23775-b88d1f2a4725311d4fa8c7768008043d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23775-b88d1f2a4725311d4fa8c7768008043d
+
+info:
+ name: >
+ GMAPS for WPBakery Page Builder Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The GMAPS for WPBakery Page Builder Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c251bf5-f6c0-4d2e-a240-95b0f1fce3f5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23775
+ metadata:
+ fofa-query: "wp-content/plugins/gmaps-for-visual-composer-free/"
+ google-query: inurl:"/wp-content/plugins/gmaps-for-visual-composer-free/"
+ shodan-query: 'vuln:CVE-2025-23775'
+ tags: cve,wordpress,wp-plugin,gmaps-for-visual-composer-free,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gmaps-for-visual-composer-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gmaps-for-visual-composer-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23776-b72fcdac19be0c5c24d2d0373e514529.yaml b/nuclei-templates/2025/CVE-2025-23776-b72fcdac19be0c5c24d2d0373e514529.yaml
new file mode 100644
index 0000000000..01918dcd78
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23776-b72fcdac19be0c5c24d2d0373e514529.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23776-b72fcdac19be0c5c24d2d0373e514529
+
+info:
+ name: >
+ Cache Sniper for Nginx <= 1.0.4.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Cache Sniper for Nginx plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8d0638e-06c5-4884-a14d-4b28ae3ef3f3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23776
+ metadata:
+ fofa-query: "wp-content/plugins/snipe-nginx-cache/"
+ google-query: inurl:"/wp-content/plugins/snipe-nginx-cache/"
+ shodan-query: 'vuln:CVE-2025-23776'
+ tags: cve,wordpress,wp-plugin,snipe-nginx-cache,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/snipe-nginx-cache/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "snipe-nginx-cache"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23777-5519ae6cdb96d2ea8c7f6d52fe1bf7c1.yaml b/nuclei-templates/2025/CVE-2025-23777-5519ae6cdb96d2ea8c7f6d52fe1bf7c1.yaml
new file mode 100644
index 0000000000..8460eac7a3
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23777-5519ae6cdb96d2ea8c7f6d52fe1bf7c1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23777-5519ae6cdb96d2ea8c7f6d52fe1bf7c1
+
+info:
+ name: >
+ GDPR Personal Data Reports <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The GDPR Personal Data Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa63ba9b-7569-4508-92c2-6ae8b9bef3fd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23777
+ metadata:
+ fofa-query: "wp-content/plugins/gdpr-personal-data-reports/"
+ google-query: inurl:"/wp-content/plugins/gdpr-personal-data-reports/"
+ shodan-query: 'vuln:CVE-2025-23777'
+ tags: cve,wordpress,wp-plugin,gdpr-personal-data-reports,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gdpr-personal-data-reports/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gdpr-personal-data-reports"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23778-78bcd83826e36156ee9c37a6a2a50781.yaml b/nuclei-templates/2025/CVE-2025-23778-78bcd83826e36156ee9c37a6a2a50781.yaml
new file mode 100644
index 0000000000..182780275a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23778-78bcd83826e36156ee9c37a6a2a50781.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23778-78bcd83826e36156ee9c37a6a2a50781
+
+info:
+ name: >
+ User Sync ActiveCampaign <= 1.3.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The User Sync ActiveCampaign plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9231645c-aadd-4bc9-a5b7-b94802a2dd1e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23778
+ metadata:
+ fofa-query: "wp-content/plugins/registered-user-sync-activecampaign/"
+ google-query: inurl:"/wp-content/plugins/registered-user-sync-activecampaign/"
+ shodan-query: 'vuln:CVE-2025-23778'
+ tags: cve,wordpress,wp-plugin,registered-user-sync-activecampaign,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/registered-user-sync-activecampaign/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "registered-user-sync-activecampaign"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23779-e3ac6ea416b29626ad17f0f6e168f9c3.yaml b/nuclei-templates/2025/CVE-2025-23779-e3ac6ea416b29626ad17f0f6e168f9c3.yaml
new file mode 100644
index 0000000000..09c7888c88
--- /dev/null
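Review bot: Nothing in the CVE-2025-23778 template documents that a match rests only on the `Stable tag` line of `readme.txt`: the `dsl` matcher compares that string with `<= 1.3.2` and no request touches the missing capability check, so a hit is a version inference rather than confirmation that the site is affected. A readme that is blocked, stale or tagged with a non-numeric value yields no `version` and, presumably, a silent non-match that reads the same as "not vulnerable" in scan output. Every template added in this diff follows the same pattern. A comment above `http:` such as `# version inference only: reads readme.txt "Stable tag"; confirm the installed plugin version before triage` would make that limit visible to whoever consumes the findings. The two `version` extractors also run an identical regex, and a one-line comment on the `internal: true` copy saying that it feeds the `dsl` matcher would explain why both exist.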
+++ b/nuclei-templates/2025/CVE-2025-23779-e3ac6ea416b29626ad17f0f6e168f9c3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23779-e3ac6ea416b29626ad17f0f6e168f9c3
+
+info:
+ name: >
+ ResAds <= 2.0.5 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The ResAds plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddbd4940-fe1c-46f0-9148-53c5a4095785?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-23779
+ metadata:
+ fofa-query: "wp-content/plugins/resads/"
+ google-query: inurl:"/wp-content/plugins/resads/"
+ shodan-query: 'vuln:CVE-2025-23779'
+ tags: cve,wordpress,wp-plugin,resads,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/resads/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "resads"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23780-e129014bdde96fa57bac016b6cb2bc28.yaml b/nuclei-templates/2025/CVE-2025-23780-e129014bdde96fa57bac016b6cb2bc28.yaml
new file mode 100644
index 0000000000..f55154340b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23780-e129014bdde96fa57bac016b6cb2bc28.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23780-e129014bdde96fa57bac016b6cb2bc28
+
+info:
+ name: >
+ Easy Code Snippets <= 1.0.2 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Easy Code Snippets plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8099e6b7-97d6-4b33-b664-d7423525094f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-23780
+ metadata:
+ fofa-query: "wp-content/plugins/easy-code-snippets/"
+ google-query: inurl:"/wp-content/plugins/easy-code-snippets/"
+ shodan-query: 'vuln:CVE-2025-23780'
+ tags: cve,wordpress,wp-plugin,easy-code-snippets,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-code-snippets/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-code-snippets"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23781-3572c917dcbb40670dbdc32e041b8b97.yaml b/nuclei-templates/2025/CVE-2025-23781-3572c917dcbb40670dbdc32e041b8b97.yaml
new file mode 100644
index 0000000000..868bfa24ee
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23781-3572c917dcbb40670dbdc32e041b8b97.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23781-3572c917dcbb40670dbdc32e041b8b97
+
+info:
+ name: >
+ WM Options Import Export <= 1.0.1 - Unauthenticated Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The WM Options Import Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6e572a0-6a82-40ae-9267-68618911b0e5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-23781
+ metadata:
+ fofa-query: "wp-content/plugins/wm-options-import-export/"
+ google-query: inurl:"/wp-content/plugins/wm-options-import-export/"
+ shodan-query: 'vuln:CVE-2025-23781'
+ tags: cve,wordpress,wp-plugin,wm-options-import-export,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wm-options-import-export/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wm-options-import-export"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23783-01b4e3337c99478f31e355f52e334d83.yaml b/nuclei-templates/2025/CVE-2025-23783-01b4e3337c99478f31e355f52e334d83.yaml
new file mode 100644
index 0000000000..6666402d9b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23783-01b4e3337c99478f31e355f52e334d83.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23783-01b4e3337c99478f31e355f52e334d83
+
+info:
+ name: >
+ Greek Namedays Widget From Eortologio.Net <= 20191113 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Greek Namedays Widget From Eortologio.Net plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 20191113 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/614c664b-c95e-49ed-b241-579c32a00bf4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23783
+ metadata:
+ fofa-query: "wp-content/plugins/greek-namedays-widget/"
+ google-query: inurl:"/wp-content/plugins/greek-namedays-widget/"
+ shodan-query: 'vuln:CVE-2025-23783'
+ tags: cve,wordpress,wp-plugin,greek-namedays-widget,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/greek-namedays-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "greek-namedays-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 20191113')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23784-62a911b07111bc573ec185f6315d3774.yaml b/nuclei-templates/2025/CVE-2025-23784-62a911b07111bc573ec185f6315d3774.yaml
new file mode 100644
index 0000000000..632125039d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23784-62a911b07111bc573ec185f6315d3774.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23784-62a911b07111bc573ec185f6315d3774
+
+info:
+ name: >
+ Contact Form 7 Round Robin Lead Distribution <= 1.2.1 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Contact Form 7 Round Robin Lead Distribution plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b31fcf67-61c7-43b2-a068-136b13965ca0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2025-23784
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-7-round-robin-lead-distribution/"
+ google-query: inurl:"/wp-content/plugins/contact-form-7-round-robin-lead-distribution/"
+ shodan-query: 'vuln:CVE-2025-23784'
+ tags: cve,wordpress,wp-plugin,contact-form-7-round-robin-lead-distribution,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-7-round-robin-lead-distribution/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-7-round-robin-lead-distribution"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23785-c3d4e26d72f6af1134423f78f873e3e8.yaml b/nuclei-templates/2025/CVE-2025-23785-c3d4e26d72f6af1134423f78f873e3e8.yaml
new file mode 100644
index 0000000000..a1dae89fbf
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23785-c3d4e26d72f6af1134423f78f873e3e8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23785-c3d4e26d72f6af1134423f78f873e3e8
+
+info:
+ name: >
+ AI Responsive Gallery Album <= 1.4 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The AI Responsive Gallery Album plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e46a552-b0cc-4f46-a19e-1912244b5179?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23785
+ metadata:
+ fofa-query: "wp-content/plugins/ai-responsive-gallery-album/"
+ google-query: inurl:"/wp-content/plugins/ai-responsive-gallery-album/"
+ shodan-query: 'vuln:CVE-2025-23785'
+ tags: cve,wordpress,wp-plugin,ai-responsive-gallery-album,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ai-responsive-gallery-album/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ai-responsive-gallery-album"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23791-3e9cf300dab0b87e8998a97fe5fd86ee.yaml b/nuclei-templates/2025/CVE-2025-23791-3e9cf300dab0b87e8998a97fe5fd86ee.yaml
new file mode 100644
index 0000000000..289f7f2c41
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23791-3e9cf300dab0b87e8998a97fe5fd86ee.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23791-3e9cf300dab0b87e8998a97fe5fd86ee
+
+info:
+ name: >
+ Horizontal Line Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Horizontal Line Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/46d3693b-61b5-4d93-a584-76b207c76806?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23791
+ metadata:
+ fofa-query: "wp-content/plugins/horizontal-line-shortcode/"
+ google-query: inurl:"/wp-content/plugins/horizontal-line-shortcode/"
+ shodan-query: 'vuln:CVE-2025-23791'
+ tags: cve,wordpress,wp-plugin,horizontal-line-shortcode,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/horizontal-line-shortcode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "horizontal-line-shortcode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23793-8c99ae46576c09d1a4e517446c40660d.yaml b/nuclei-templates/2025/CVE-2025-23793-8c99ae46576c09d1a4e517446c40660d.yaml
new file mode 100644
index 0000000000..9295dd81ec
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23793-8c99ae46576c09d1a4e517446c40660d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23793-8c99ae46576c09d1a4e517446c40660d
+
+info:
+ name: >
+ Auto FTP <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Auto FTP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a1d6657-d8bc-4145-96b0-f85e752060f4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23793
+ metadata:
+ fofa-query: "wp-content/plugins/auto-ftp/"
+ google-query: inurl:"/wp-content/plugins/auto-ftp/"
+ shodan-query: 'vuln:CVE-2025-23793'
+ tags: cve,wordpress,wp-plugin,auto-ftp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/auto-ftp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "auto-ftp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23794-06433c7d938dd716bd00677ea49eee36.yaml b/nuclei-templates/2025/CVE-2025-23794-06433c7d938dd716bd00677ea49eee36.yaml
new file mode 100644
index 0000000000..d0c39929dc
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23794-06433c7d938dd716bd00677ea49eee36.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23794-06433c7d938dd716bd00677ea49eee36
+
+info:
+ name: >
+ wp_amaps <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The wp_amaps plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/42b49a88-c6b7-47ac-89ab-c2e0d7f1c7cc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23794
+ metadata:
+ fofa-query: "wp-content/plugins/wp-amaps/"
+ google-query: inurl:"/wp-content/plugins/wp-amaps/"
+ shodan-query: 'vuln:CVE-2025-23794'
+ tags: cve,wordpress,wp-plugin,wp-amaps,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-amaps/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-amaps"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23795-e2ea95c60b59be91b1c56959cd2e3020.yaml b/nuclei-templates/2025/CVE-2025-23795-e2ea95c60b59be91b1c56959cd2e3020.yaml
new file mode 100644
index 0000000000..849eaa4e9a
--- /dev/null
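Review bot: The `word` matcher in the CVE-2025-23794 template requires the slug `wp-amaps` in the body of `readme.txt`, while the plugin's display name in `info.name` is `wp_amaps` with an underscore. If the readme only spells the name that way, the `and` condition can never be satisfied and affected installs are reported clean. This cannot be confirmed from the diff, so it is worth checking against a real copy of the readme. Accepting both spellings removes the dependency: list `- "wp_amaps"` alongside `- "wp-amaps"` under `words:` and add `condition: or` to that matcher.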
+++ b/nuclei-templates/2025/CVE-2025-23795-e2ea95c60b59be91b1c56959cd2e3020.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23795-e2ea95c60b59be91b1c56959cd2e3020
+
+info:
+ name: >
+ Easy FAQs <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/686182c4-f6bc-41a2-a665-efce3a30c5fb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23795
+ metadata:
+ fofa-query: "wp-content/plugins/easy-faqs/"
+ google-query: inurl:"/wp-content/plugins/easy-faqs/"
+ shodan-query: 'vuln:CVE-2025-23795'
+ tags: cve,wordpress,wp-plugin,easy-faqs,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-faqs/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-faqs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23796-8b8194a385f91115b0cfebc5aa84049b.yaml b/nuclei-templates/2025/CVE-2025-23796-8b8194a385f91115b0cfebc5aa84049b.yaml
new file mode 100644
index 0000000000..d981263b02
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23796-8b8194a385f91115b0cfebc5aa84049b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23796-8b8194a385f91115b0cfebc5aa84049b
+
+info:
+ name: >
+ Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Easy Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/36b5eb39-4edc-4f17-a764-d07f39114ef0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23796
+ metadata:
+ fofa-query: "wp-content/plugins/easy-portfolio/"
+ google-query: inurl:"/wp-content/plugins/easy-portfolio/"
+ shodan-query: 'vuln:CVE-2025-23796'
+ tags: cve,wordpress,wp-plugin,easy-portfolio,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-portfolio/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-portfolio"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23797-939542d32f82a3f9b9c9a57ba214af4f.yaml b/nuclei-templates/2025/CVE-2025-23797-939542d32f82a3f9b9c9a57ba214af4f.yaml
new file mode 100644
index 0000000000..39af4ed3d2
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23797-939542d32f82a3f9b9c9a57ba214af4f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23797-939542d32f82a3f9b9c9a57ba214af4f
+
+info:
+ name: >
+ WP Options Editor <= 1.1 - Cross-Site Request Forgery to Privilege Escalation
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Options Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to elevate their privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef7f1209-c0e9-4958-aa92-fb2cb2a431e1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-23797
+ metadata:
+ fofa-query: "wp-content/plugins/wp-options-editor/"
+ google-query: inurl:"/wp-content/plugins/wp-options-editor/"
+ shodan-query: 'vuln:CVE-2025-23797'
+ tags: cve,wordpress,wp-plugin,wp-options-editor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-options-editor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-options-editor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23798-e0723690c06f2e707bb0e3f1bda80d9f.yaml b/nuclei-templates/2025/CVE-2025-23798-e0723690c06f2e707bb0e3f1bda80d9f.yaml
new file mode 100644
index 0000000000..cb7135695b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23798-e0723690c06f2e707bb0e3f1bda80d9f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23798-e0723690c06f2e707bb0e3f1bda80d9f
+
+info:
+ name: >
+ Mass Messaging in BuddyPress <= 2.2.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Mass Messaging in BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa98b83d-5c1f-4fce-b1b8-3d1796fdaef7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23798
+ metadata:
+ fofa-query: "wp-content/plugins/mass-messaging-in-buddypress/"
+ google-query: inurl:"/wp-content/plugins/mass-messaging-in-buddypress/"
+ shodan-query: 'vuln:CVE-2025-23798'
+ tags: cve,wordpress,wp-plugin,mass-messaging-in-buddypress,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mass-messaging-in-buddypress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mass-messaging-in-buddypress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23800-529db4d3901019a83f84ad604b1490b0.yaml b/nuclei-templates/2025/CVE-2025-23800-529db4d3901019a83f84ad604b1490b0.yaml
new file mode 100644
index 0000000000..7272eee4c7
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23800-529db4d3901019a83f84ad604b1490b0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23800-529db4d3901019a83f84ad604b1490b0
+
+info:
+ name: >
+ OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The OrangeBox plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/546c6222-6ffa-41cb-8fff-d2c3cd37ed1f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23800
+ metadata:
+ fofa-query: "wp-content/plugins/orangebox/"
+ google-query: inurl:"/wp-content/plugins/orangebox/"
+ shodan-query: 'vuln:CVE-2025-23800'
+ tags: cve,wordpress,wp-plugin,orangebox,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/orangebox/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "orangebox"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23801-549b3cf687e7f4d568ab88f2bfe38e89.yaml b/nuclei-templates/2025/CVE-2025-23801-549b3cf687e7f4d568ab88f2bfe38e89.yaml
new file mode 100644
index 0000000000..6846828b3b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23801-549b3cf687e7f4d568ab88f2bfe38e89.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23801-549b3cf687e7f4d568ab88f2bfe38e89
+
+info:
+ name: >
+ Style Admin <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Style Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc35af61-363d-463d-844a-8a0b8c37aa27?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23801
+ metadata:
+ fofa-query: "wp-content/plugins/style-admin/"
+ google-query: inurl:"/wp-content/plugins/style-admin/"
+ shodan-query: 'vuln:CVE-2025-23801'
+ tags: cve,wordpress,wp-plugin,style-admin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/style-admin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "style-admin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23802-22cf8b6b2ce72743dcdb66697e10f932.yaml b/nuclei-templates/2025/CVE-2025-23802-22cf8b6b2ce72743dcdb66697e10f932.yaml
new file mode 100644
index 0000000000..1d2651c023
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23802-22cf8b6b2ce72743dcdb66697e10f932.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23802-22cf8b6b2ce72743dcdb66697e10f932 + +info: + name: > + WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a49773ea-981a-4667-a56f-577db0fbf9c7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23802 + metadata: + fofa-query: "wp-content/plugins/wp-revive-adserver/" + google-query: inurl:"/wp-content/plugins/wp-revive-adserver/" + shodan-query: 'vuln:CVE-2025-23802' + tags: cve,wordpress,wp-plugin,wp-revive-adserver,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-revive-adserver/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-revive-adserver" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23804-8725833af78b7af1c895cadf88e659ef.yaml b/nuclei-templates/2025/CVE-2025-23804-8725833af78b7af1c895cadf88e659ef.yaml new file mode 100644 index 0000000000..9256acda40 --- /dev/null 
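Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4` in the same `classification` block, since 6.4 falls in the CVSS v3.1 Medium band (4.0–6.9). Anyone triaging or filtering scan results by severity will bucket this finding lower than the score the template itself carries. Unless the downgrade for a Contributor+ precondition is deliberate, I would change the two lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,wp-revive-adserver,medium`. If it is deliberate, a short comment next to `severity` saying so would prevent the question. The same low-versus-6.4 mismatch appears in the hunks for CVE-2025-23807, CVE-2025-23816, CVE-2025-23824 and CVE-2025-23825.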
+++ b/nuclei-templates/2025/CVE-2025-23804-8725833af78b7af1c895cadf88e659ef.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23804-8725833af78b7af1c895cadf88e659ef + +info: + name: > + WP Service Payment Form With Authorize.net <= 2.6.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de4f4064-cb72-4b67-b8af-0b2cec5a53d0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23804 + metadata: + fofa-query: "wp-content/plugins/wp-service-payment-form-with-authorizenet/" + google-query: inurl:"/wp-content/plugins/wp-service-payment-form-with-authorizenet/" + shodan-query: 'vuln:CVE-2025-23804' + tags: cve,wordpress,wp-plugin,wp-service-payment-form-with-authorizenet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-service-payment-form-with-authorizenet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-service-payment-form-with-authorizenet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23805-1b281b9926a46225a3242c4900988d68.yaml b/nuclei-templates/2025/CVE-2025-23805-1b281b9926a46225a3242c4900988d68.yaml new file mode 100644 index 0000000000..4786ce63c3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23805-1b281b9926a46225a3242c4900988d68.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23805-1b281b9926a46225a3242c4900988d68 + +info: + name: > + SEOReseller Partner <= 1.3.15 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The SEOReseller Partner Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e29352df-6fd6-4560-aa46-848de0ef8653?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23805 + metadata: + fofa-query: "wp-content/plugins/sr-partner/" + google-query: inurl:"/wp-content/plugins/sr-partner/" + shodan-query: 'vuln:CVE-2025-23805' + tags: cve,wordpress,wp-plugin,sr-partner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sr-partner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sr-partner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23807-b86db0a9636b4eda8ead4edcc20d0965.yaml b/nuclei-templates/2025/CVE-2025-23807-b86db0a9636b4eda8ead4edcc20d0965.yaml new file mode 100644 index 0000000000..6c37a9da5d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23807-b86db0a9636b4eda8ead4edcc20d0965.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23807-b86db0a9636b4eda8ead4edcc20d0965 + +info: + name: > + Spiderpowa Embed PDF <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Spiderpowa Embed PDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2f2856-fd13-48cb-b335-a66c8cb35b6b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23807 + metadata: + fofa-query: "wp-content/plugins/spiderpowa-embed-pdf/" + google-query: inurl:"/wp-content/plugins/spiderpowa-embed-pdf/" + shodan-query: 'vuln:CVE-2025-23807' + tags: cve,wordpress,wp-plugin,spiderpowa-embed-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiderpowa-embed-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiderpowa-embed-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23808-dbea438eaa19082858b9298a51077493.yaml b/nuclei-templates/2025/CVE-2025-23808-dbea438eaa19082858b9298a51077493.yaml new file mode 100644 index 0000000000..d481166027 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23808-dbea438eaa19082858b9298a51077493.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23808-dbea438eaa19082858b9298a51077493 + +info: + name: > + Custom List Table Example <= 1.4.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Custom List Table Example plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f61321d4-477a-4f4d-bed2-4ae6fdb864a9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23808 + metadata: + fofa-query: "wp-content/plugins/custom-list-table-example/" + google-query: inurl:"/wp-content/plugins/custom-list-table-example/" + shodan-query: 'vuln:CVE-2025-23808' + tags: cve,wordpress,wp-plugin,custom-list-table-example,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-list-table-example/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-list-table-example" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23810-67d8a8fa10bd25b35a0aa1bba7b455ae.yaml b/nuclei-templates/2025/CVE-2025-23810-67d8a8fa10bd25b35a0aa1bba7b455ae.yaml new file mode 100644 index 0000000000..f1a17a7e41 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23810-67d8a8fa10bd25b35a0aa1bba7b455ae.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23810-67d8a8fa10bd25b35a0aa1bba7b455ae + +info: + name: > + Len Slider <= 2.0.11 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Len Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d4bc5a-7f76-4103-92e7-d7fe265fc255?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23810 + metadata: + fofa-query: "wp-content/plugins/len-slider/" + google-query: inurl:"/wp-content/plugins/len-slider/" + shodan-query: 'vuln:CVE-2025-23810' + tags: cve,wordpress,wp-plugin,len-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/len-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "len-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23815-e056ef6316036595624d993aac1d70e3.yaml b/nuclei-templates/2025/CVE-2025-23815-e056ef6316036595624d993aac1d70e3.yaml new file mode 100644 index 0000000000..7f98d7a201 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23815-e056ef6316036595624d993aac1d70e3.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23815-e056ef6316036595624d993aac1d70e3 + +info: + name: > + root Cookie <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The root Cookie plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07fa22aa-52fc-4453-8935-132bdd8800a5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23815 + metadata: + fofa-query: "wp-content/plugins/root-cookie/" + google-query: inurl:"/wp-content/plugins/root-cookie/" + shodan-query: 'vuln:CVE-2025-23815' + tags: cve,wordpress,wp-plugin,root-cookie,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/root-cookie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "root-cookie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23816-dbfab394a87f0a91336049ed179661e6.yaml b/nuclei-templates/2025/CVE-2025-23816-dbfab394a87f0a91336049ed179661e6.yaml new file mode 100644 index 0000000000..b164e8d3d6 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23816-dbfab394a87f0a91336049ed179661e6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23816-dbfab394a87f0a91336049ed179661e6 + +info: + name: > + Metaphor Widgets <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Metaphor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f56427e-6103-43ae-ae2e-23f520646535?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23816 + metadata: + fofa-query: "wp-content/plugins/mtphr-widgets/" + google-query: inurl:"/wp-content/plugins/mtphr-widgets/" + shodan-query: 'vuln:CVE-2025-23816' + tags: cve,wordpress,wp-plugin,mtphr-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtphr-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtphr-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23817-c4212f3622e729544aa0223db83a4dc8.yaml b/nuclei-templates/2025/CVE-2025-23817-c4212f3622e729544aa0223db83a4dc8.yaml new file mode 100644 index 0000000000..33cbbbc148 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23817-c4212f3622e729544aa0223db83a4dc8.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23817-c4212f3622e729544aa0223db83a4dc8 + +info: + name: > + MHR-Custom-Anti-Copy <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MHR-Custom-Anti-Copy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25595c99-87e2-408d-9931-c864af1cedd8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23817 + metadata: + fofa-query: "wp-content/plugins/mhr-custom-anti-copy/" + google-query: inurl:"/wp-content/plugins/mhr-custom-anti-copy/" + shodan-query: 'vuln:CVE-2025-23817' + tags: cve,wordpress,wp-plugin,mhr-custom-anti-copy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mhr-custom-anti-copy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mhr-custom-anti-copy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23818-04578e1d5cfb7a1505f9393baa6f6e09.yaml b/nuclei-templates/2025/CVE-2025-23818-04578e1d5cfb7a1505f9393baa6f6e09.yaml new file mode 100644 index 0000000000..4e16d294be --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23818-04578e1d5cfb7a1505f9393baa6f6e09.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23818-04578e1d5cfb7a1505f9393baa6f6e09 + +info: + name: > + More Link Modifier <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The More Link Modifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92bb3464-c15b-4d95-8732-9d3bd801999a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23818 + metadata: + fofa-query: "wp-content/plugins/more-link-modifier/" + google-query: inurl:"/wp-content/plugins/more-link-modifier/" + shodan-query: 'vuln:CVE-2025-23818' + tags: cve,wordpress,wp-plugin,more-link-modifier,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/more-link-modifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "more-link-modifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23820-ae7044ae8a337a45792cdf1ec78d56de.yaml b/nuclei-templates/2025/CVE-2025-23820-ae7044ae8a337a45792cdf1ec78d56de.yaml new file mode 100644 index 0000000000..162b8761fe --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23820-ae7044ae8a337a45792cdf1ec78d56de.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23820-ae7044ae8a337a45792cdf1ec78d56de + +info: + name: > + Content Security Policy Pro <= 1.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Content Security Policy Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c82f6fe-1d6a-4d19-8234-6e27d70f9749?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23820 + metadata: + fofa-query: "wp-content/plugins/content-security-policy-pro/" + google-query: inurl:"/wp-content/plugins/content-security-policy-pro/" + shodan-query: 'vuln:CVE-2025-23820' + tags: cve,wordpress,wp-plugin,content-security-policy-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-security-policy-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-security-policy-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23821-d003ceefcd90abe18250d8b3224a9992.yaml b/nuclei-templates/2025/CVE-2025-23821-d003ceefcd90abe18250d8b3224a9992.yaml new file mode 100644 index 0000000000..84088a3fdf --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23821-d003ceefcd90abe18250d8b3224a9992.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23821-d003ceefcd90abe18250d8b3224a9992 + +info: + name: > + WP Cookies Alert <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Cookies Alert plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df9ca3c2-8bc8-4e15-8dc9-f2dd6f80d968?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23821 + metadata: + fofa-query: "wp-content/plugins/wp-cookies-alert/" + google-query: inurl:"/wp-content/plugins/wp-cookies-alert/" + shodan-query: 'vuln:CVE-2025-23821' + tags: cve,wordpress,wp-plugin,wp-cookies-alert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cookies-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cookies-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23822-d2bd5e1fcc45745c0eb00a3072b219a5.yaml b/nuclei-templates/2025/CVE-2025-23822-d2bd5e1fcc45745c0eb00a3072b219a5.yaml new file mode 100644 index 0000000000..1f7f81e6fd 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23822-d2bd5e1fcc45745c0eb00a3072b219a5.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23822-d2bd5e1fcc45745c0eb00a3072b219a5 + +info: + name: > + Category Custom Fields <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Category Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78393d56-5e83-4eac-bee7-a194aaaa8f5e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23822 + metadata: + fofa-query: "wp-content/plugins/categorycustomfields/" + google-query: inurl:"/wp-content/plugins/categorycustomfields/" + shodan-query: 'vuln:CVE-2025-23822' + tags: cve,wordpress,wp-plugin,categorycustomfields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorycustomfields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorycustomfields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23823-3afd33bd960aa8f50f8dfc5f9d2da391.yaml b/nuclei-templates/2025/CVE-2025-23823-3afd33bd960aa8f50f8dfc5f9d2da391.yaml new file mode 100644 index 0000000000..ebe50c0874 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23823-3afd33bd960aa8f50f8dfc5f9d2da391.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23823-3afd33bd960aa8f50f8dfc5f9d2da391 + +info: + name: > + CNZZ&51LA for WordPress <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The CNZZ&51LA for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfb2dd0-d8f8-48ce-bcf4-be4763cabb02?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23823 + metadata: + fofa-query: "wp-content/plugins/cnzz51la-for-wordpress/" + google-query: inurl:"/wp-content/plugins/cnzz51la-for-wordpress/" + shodan-query: 'vuln:CVE-2025-23823' + tags: cve,wordpress,wp-plugin,cnzz51la-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cnzz51la-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cnzz51la-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23824-f622baf0ad30318137cfdc7f08f80f7b.yaml b/nuclei-templates/2025/CVE-2025-23824-f622baf0ad30318137cfdc7f08f80f7b.yaml new file mode 100644 index 0000000000..56052465dc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23824-f622baf0ad30318137cfdc7f08f80f7b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23824-f622baf0ad30318137cfdc7f08f80f7b + +info: + name: > + FontAwesome.io ShortCodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The FontAwesome.io ShortCodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8494c3b1-350e-4d78-9acb-9d5e876e4ab1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23824 + metadata: + fofa-query: "wp-content/plugins/fontawesomeio-shortcodes/" + google-query: inurl:"/wp-content/plugins/fontawesomeio-shortcodes/" + shodan-query: 'vuln:CVE-2025-23824' + tags: cve,wordpress,wp-plugin,fontawesomeio-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fontawesomeio-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fontawesomeio-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23825-360a695ee6da5b474debdf41c513de8b.yaml b/nuclei-templates/2025/CVE-2025-23825-360a695ee6da5b474debdf41c513de8b.yaml new file mode 100644 index 0000000000..d69aa8468a 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23825-360a695ee6da5b474debdf41c513de8b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23825-360a695ee6da5b474debdf41c513de8b + +info: + name: > + Easy Shortcode Buttons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Easy Shortcode Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55a64d00-a750-47b0-bc0b-95ad043ccb85?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23825 + metadata: + fofa-query: "wp-content/plugins/easy-shortcode-buttons/" + google-query: inurl:"/wp-content/plugins/easy-shortcode-buttons/" + shodan-query: 'vuln:CVE-2025-23825' + tags: cve,wordpress,wp-plugin,easy-shortcode-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-shortcode-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-shortcode-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23826-a41f23b7022333decb44d3f70356590b.yaml b/nuclei-templates/2025/CVE-2025-23826-a41f23b7022333decb44d3f70356590b.yaml new file mode 100644 index 0000000000..50eef16d76 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23826-a41f23b7022333decb44d3f70356590b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23826-a41f23b7022333decb44d3f70356590b + +info: + name: > + Stop Comment Spam <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Stop Comment Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae45f7d-0ffe-41c4-9d1c-3211d6f86e5c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23826 + metadata: + fofa-query: "wp-content/plugins/stop-comment-spam/" + google-query: inurl:"/wp-content/plugins/stop-comment-spam/" + shodan-query: 'vuln:CVE-2025-23826' + tags: cve,wordpress,wp-plugin,stop-comment-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-comment-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-comment-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.3') \ No newline at end of file 
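Review bot: Nothing in the template says that it is a version check only. The single request fetches `readme.txt` and the `dsl` matcher compares the extracted `Stable tag` with `<= 0.5.3`, so a match means the readme advertises an affected version, not that the missing nonce validation was observed. A readme whose tag is not numeric (the regex accepts only `[0-9.]+`), or one that is blocked or removed, produces no result, which should not be read as "not affected". I would add a comment above `http:` such as `# Version inference from readme.txt only; confirm the installed plugin version before acting on a match or a miss.` The other new templates visible in this commit share the same request and matchers and need the same note.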
diff --git a/nuclei-templates/2025/CVE-2025-23827-52892721f56d585b076c178e832009a7.yaml b/nuclei-templates/2025/CVE-2025-23827-52892721f56d585b076c178e832009a7.yaml new file mode 100644 index 0000000000..e839a5f8b7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23827-52892721f56d585b076c178e832009a7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23827-52892721f56d585b076c178e832009a7 + +info: + name: > + Strx Magic Floating Sidebar Maker <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Strx Magic Floating Sidebar Maker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97411fd3-72c0-4715-be1c-c01e8744d278?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23827 + metadata: + fofa-query: "wp-content/plugins/strx-magic-floating-sidebar-maker/" + google-query: inurl:"/wp-content/plugins/strx-magic-floating-sidebar-maker/" + shodan-query: 'vuln:CVE-2025-23827' + tags: cve,wordpress,wp-plugin,strx-magic-floating-sidebar-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strx-magic-floating-sidebar-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strx-magic-floating-sidebar-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file 
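Review bot: `name: >` and `description: >` are folded scalars with default chomping, so both values keep a trailing newline that may surface in report output or in exact-match filters on the template name. `name: >-` and `description: >-` keep the folding and strip it. The file also ends without a newline (the `\ No newline at end of file` marker after the `compare_versions` line); a fix in the generator would cover every template added here. Indentation cannot be recovered from this rendering of the hunk, so it was not checked.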
diff --git a/nuclei-templates/2025/CVE-2025-23828-651303b96edba5d07d0397bd2902963f.yaml b/nuclei-templates/2025/CVE-2025-23828-651303b96edba5d07d0397bd2902963f.yaml new file mode 100644 index 0000000000..2878521131 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23828-651303b96edba5d07d0397bd2902963f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23828-651303b96edba5d07d0397bd2902963f + +info: + name: > + WordPress Data Guard <= 8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WordPress Data Guard Website Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ada3f45-e9f3-46f0-810a-26545a1a54d9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23828 + metadata: + fofa-query: "wp-content/plugins/wordpress-data-guards/" + google-query: inurl:"/wp-content/plugins/wordpress-data-guards/" + shodan-query: 'vuln:CVE-2025-23828' + tags: cve,wordpress,wp-plugin,wordpress-data-guards,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-data-guards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-data-guards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8') \ No newline at end of file 
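Review bot: The `word` matcher requires the directory slug `wordpress-data-guards` to occur in the body of `readme.txt`, but a readme is written around the display name (here "WordPress Data Guard") and need not contain the slug. Under `matchers-condition: and`, an affected install could therefore go unreported. The request path already pins the plugin, so the matcher adds little identity checking; if a body check is wanted, a readme header looks more dependable, for example `- "Stable tag:"` under `words:`. The same concern applies where slug and name differ in the templates for CVE-2025-23831 (`qrcode-wprhe`), CVE-2025-23833 (`report-broken-links`), CVE-2025-23848 (`hotspots`) and CVE-2025-23860 (`charitydonation-thermometer`).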
diff --git a/nuclei-templates/2025/CVE-2025-23830-9486afe90795cd2dd72b498a349d08b8.yaml b/nuclei-templates/2025/CVE-2025-23830-9486afe90795cd2dd72b498a349d08b8.yaml new file mode 100644 index 0000000000..1ff2529ffc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23830-9486afe90795cd2dd72b498a349d08b8.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23830-9486afe90795cd2dd72b498a349d08b8 + +info: + name: > + JB Horizontal Scroller News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The JB Horizontal Scroller News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68f75333-5165-42ac-808e-69b20a8d7f19?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23830 + metadata: + fofa-query: "wp-content/plugins/jb-horizontal-scroller-news-ticker/" + google-query: inurl:"/wp-content/plugins/jb-horizontal-scroller-news-ticker/" + shodan-query: 'vuln:CVE-2025-23830' + tags: cve,wordpress,wp-plugin,jb-horizontal-scroller-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jb-horizontal-scroller-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jb-horizontal-scroller-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23831-db80ef3609f181a7093fe482e26d4065.yaml b/nuclei-templates/2025/CVE-2025-23831-db80ef3609f181a7093fe482e26d4065.yaml new file mode 100644 index 0000000000..ae7cf259c4 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23831-db80ef3609f181a7093fe482e26d4065.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23831-db80ef3609f181a7093fe482e26d4065 + +info: + name: > + QR Code Generator <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The QR Code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c176594-989c-4f3a-94c9-57e1a6ff3a69?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23831 + metadata: + fofa-query: "wp-content/plugins/qrcode-wprhe/" + google-query: inurl:"/wp-content/plugins/qrcode-wprhe/" + shodan-query: 'vuln:CVE-2025-23831' + tags: cve,wordpress,wp-plugin,qrcode-wprhe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qrcode-wprhe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qrcode-wprhe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23832-34ea11344cf4f33ad19c3327ac103a33.yaml b/nuclei-templates/2025/CVE-2025-23832-34ea11344cf4f33ad19c3327ac103a33.yaml new file mode 100644 index 0000000000..399cdf4a94 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23832-34ea11344cf4f33ad19c3327ac103a33.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23832-34ea11344cf4f33ad19c3327ac103a33 + +info: + name: > + Admin Cleanup <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Admin Cleanup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8278debf-074f-40ba-ae35-db278a73880e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23832 + metadata: + fofa-query: "wp-content/plugins/admin-cleanup/" + google-query: inurl:"/wp-content/plugins/admin-cleanup/" + shodan-query: 'vuln:CVE-2025-23832' + tags: cve,wordpress,wp-plugin,admin-cleanup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-cleanup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-cleanup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23833-1b7f404cc697d2644c799b84350e7dba.yaml b/nuclei-templates/2025/CVE-2025-23833-1b7f404cc697d2644c799b84350e7dba.yaml new file mode 100644 index 0000000000..dc17af3bf4 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23833-1b7f404cc697d2644c799b84350e7dba.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23833-1b7f404cc697d2644c799b84350e7dba + +info: + name: > + Links/Problem Reporter <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Links/Problem Reporter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5947596b-12c6-492c-bebe-a935a24f4c3e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23833 + metadata: + fofa-query: "wp-content/plugins/report-broken-links/" + google-query: inurl:"/wp-content/plugins/report-broken-links/" + shodan-query: 'vuln:CVE-2025-23833' + tags: cve,wordpress,wp-plugin,report-broken-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/report-broken-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "report-broken-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23841-6c492f5269d26db2e2cced1c42b64e11.yaml b/nuclei-templates/2025/CVE-2025-23841-6c492f5269d26db2e2cced1c42b64e11.yaml new file mode 100644 index 0000000000..c2a233eaaa --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23841-6c492f5269d26db2e2cced1c42b64e11.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23841-6c492f5269d26db2e2cced1c42b64e11 + +info: + name: > + Top Flash Embed <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Top Flash Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/026b72f5-b650-4d48-8564-450a22ea7784?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23841 + metadata: + fofa-query: "wp-content/plugins/top-flash-embed/" + google-query: inurl:"/wp-content/plugins/top-flash-embed/" + shodan-query: 'vuln:CVE-2025-23841' + tags: cve,wordpress,wp-plugin,top-flash-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-flash-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-flash-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23842-2037c99c15195bff014dc5e42c2bcae1.yaml b/nuclei-templates/2025/CVE-2025-23842-2037c99c15195bff014dc5e42c2bcae1.yaml new file mode 100644 index 0000000000..d428614e03 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23842-2037c99c15195bff014dc5e42c2bcae1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23842-2037c99c15195bff014dc5e42c2bcae1 + +info: + name: > + WordPress Gallery Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WordPress Gallery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/875fbe6e-436c-445c-bd0c-0e6beae3fbf2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23842 + metadata: + fofa-query: "wp-content/plugins/wordpress-gallery-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-gallery-plugin/" + shodan-query: 'vuln:CVE-2025-23842' + tags: cve,wordpress,wp-plugin,wordpress-gallery-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23844-d72f136db1269417cddb7b8062f1b43d.yaml b/nuclei-templates/2025/CVE-2025-23844-d72f136db1269417cddb7b8062f1b43d.yaml new file mode 100644 index 0000000000..e3a12f0c2f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23844-d72f136db1269417cddb7b8062f1b43d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23844-d72f136db1269417cddb7b8062f1b43d + +info: + name: > + Custom Widget Classes <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Custom Widget Classes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1f2925e-033e-46aa-9a61-bddc0f350d5c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23844 + metadata: + fofa-query: "wp-content/plugins/custom-widget-classes/" + google-query: inurl:"/wp-content/plugins/custom-widget-classes/" + shodan-query: 'vuln:CVE-2025-23844' + tags: cve,wordpress,wp-plugin,custom-widget-classes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-widget-classes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-widget-classes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23848-0e9475a25f1f722f969b53d4c36a5f32.yaml b/nuclei-templates/2025/CVE-2025-23848-0e9475a25f1f722f969b53d4c36a5f32.yaml new file mode 100644 index 0000000000..3f3378c51d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23848-0e9475a25f1f722f969b53d4c36a5f32.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23848-0e9475a25f1f722f969b53d4c36a5f32 + +info: + name: > + Hotspots Analytics <= 4.0.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Hotspots Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.12. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4591fb15-a280-42d2-91f6-6c33bbe64e22?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23848 + metadata: + fofa-query: "wp-content/plugins/hotspots/" + google-query: inurl:"/wp-content/plugins/hotspots/" + shodan-query: 'vuln:CVE-2025-23848' + tags: cve,wordpress,wp-plugin,hotspots,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hotspots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotspots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23854-02597b72954430e13739f3725c79b5e3.yaml b/nuclei-templates/2025/CVE-2025-23854-02597b72954430e13739f3725c79b5e3.yaml new file mode 100644 index 0000000000..8029101686 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23854-02597b72954430e13739f3725c79b5e3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23854-02597b72954430e13739f3725c79b5e3 + +info: + name: > + Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com <= 3.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc78a2b-dc7c-4ee9-8721-e644f3670091?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-23854 + metadata: + fofa-query: "wp-content/plugins/shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com/" + google-query: inurl:"/wp-content/plugins/shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com/" + shodan-query: 'vuln:CVE-2025-23854' + tags: cve,wordpress,wp-plugin,shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23856-234b830d830d2a2e9ca646b960eeeba2.yaml b/nuclei-templates/2025/CVE-2025-23856-234b830d830d2a2e9ca646b960eeeba2.yaml new file mode 100644 index 0000000000..af7750a095 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23856-234b830d830d2a2e9ca646b960eeeba2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23856-234b830d830d2a2e9ca646b960eeeba2 + +info: + name: > + Simple Vertical Timeline <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Simple Vertical Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe5d61-2607-48a1-938b-f008c18c7c81?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23856 + metadata: + fofa-query: "wp-content/plugins/simple-vertical-timeline/" + google-query: inurl:"/wp-content/plugins/simple-vertical-timeline/" + shodan-query: 'vuln:CVE-2025-23856' + tags: cve,wordpress,wp-plugin,simple-vertical-timeline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-vertical-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-vertical-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23859-6f386fb05c26e8528252f068abe46196.yaml b/nuclei-templates/2025/CVE-2025-23859-6f386fb05c26e8528252f068abe46196.yaml new file mode 100644 index 0000000000..cfd536e2f4 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23859-6f386fb05c26e8528252f068abe46196.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23859-6f386fb05c26e8528252f068abe46196 + +info: + name: > + Daily Proverb <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Daily Proverb plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/566f19d0-f0b6-47f4-b09a-3c9613ea8057?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23859 + metadata: + fofa-query: "wp-content/plugins/daily-proverb/" + google-query: inurl:"/wp-content/plugins/daily-proverb/" + shodan-query: 'vuln:CVE-2025-23859' + tags: cve,wordpress,wp-plugin,daily-proverb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-proverb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-proverb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23860-919cbf0ed341ebb06e4f793e36baf11e.yaml b/nuclei-templates/2025/CVE-2025-23860-919cbf0ed341ebb06e4f793e36baf11e.yaml new file mode 100644 index 0000000000..5cb768a53b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23860-919cbf0ed341ebb06e4f793e36baf11e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23860-919cbf0ed341ebb06e4f793e36baf11e + +info: + name: > + Charity-thermometer <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Charity-thermometer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d27090ca-4a6d-4533-a013-674cfc756d25?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23860 + metadata: + fofa-query: "wp-content/plugins/charitydonation-thermometer/" + google-query: inurl:"/wp-content/plugins/charitydonation-thermometer/" + shodan-query: 'vuln:CVE-2025-23860' + tags: cve,wordpress,wp-plugin,charitydonation-thermometer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitydonation-thermometer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitydonation-thermometer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23861-b99be0a35c44ed3da77bb4b9dfe5f5ed.yaml b/nuclei-templates/2025/CVE-2025-23861-b99be0a35c44ed3da77bb4b9dfe5f5ed.yaml new file mode 100644 index 0000000000..b43e090a1b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23861-b99be0a35c44ed3da77bb4b9dfe5f5ed.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23861-b99be0a35c44ed3da77bb4b9dfe5f5ed + +info: + name: > + Debt Calculator <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Debt Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24e27ec0-a543-4900-839e-fbe4bc5a746f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23861 + metadata: + fofa-query: "wp-content/plugins/debt-calculator/" + google-query: inurl:"/wp-content/plugins/debt-calculator/" + shodan-query: 'vuln:CVE-2025-23861' + tags: cve,wordpress,wp-plugin,debt-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debt-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debt-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23862-009d155f495e5459b34a9c3952290516.yaml b/nuclei-templates/2025/CVE-2025-23862-009d155f495e5459b34a9c3952290516.yaml new file mode 100644 index 0000000000..f5ae463aa8 
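Review bot: The two `version` extractors under `extractors:` are identical except for `internal: true`, and nothing in the template says why both are needed. Presumably the internal one supplies `version` to the `compare_versions(version, '<= 1.0.1')` matcher and the second one prints the detected version in the result. A comment above the pair would record that, for example `# internal copy feeds the dsl matcher; the second copy reports the version in output`. The same pair is repeated in every template this commit adds.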
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23862-009d155f495e5459b34a9c3952290516.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23862-009d155f495e5459b34a9c3952290516 + +info: + name: > + Contact Form 7 Anti Spambot <= 1.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + The Contact Form 7 Anti Spambot plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f85a44f-d2c7-4990-9dd3-9f5de78b3458?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-23862 + metadata: + fofa-query: "wp-content/plugins/contact-form-7-anti-spambot/" + google-query: inurl:"/wp-content/plugins/contact-form-7-anti-spambot/" + shodan-query: 'vuln:CVE-2025-23862' + tags: cve,wordpress,wp-plugin,contact-form-7-anti-spambot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-anti-spambot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-anti-spambot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23863-3be8da10266522b4bb7d75d8cc3f4bbe.yaml b/nuclei-templates/2025/CVE-2025-23863-3be8da10266522b4bb7d75d8cc3f4bbe.yaml new file mode 100644 index 0000000000..d46d798938 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23863-3be8da10266522b4bb7d75d8cc3f4bbe.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23863-3be8da10266522b4bb7d75d8cc3f4bbe + +info: + name: > + Rollover Tab <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Rollover Tab plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9681ecf9-e020-4b3a-ad31-f8f203d548aa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23863 + metadata: + fofa-query: "wp-content/plugins/rollover-tab/" + google-query: inurl:"/wp-content/plugins/rollover-tab/" + shodan-query: 'vuln:CVE-2025-23863' + tags: cve,wordpress,wp-plugin,rollover-tab,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rollover-tab/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rollover-tab" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23864-89c84e71f5754cf3a74358c0839e7fb1.yaml b/nuclei-templates/2025/CVE-2025-23864-89c84e71f5754cf3a74358c0839e7fb1.yaml new file mode 100644 index 0000000000..e21a82f223 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23864-89c84e71f5754cf3a74358c0839e7fb1.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23864-89c84e71f5754cf3a74358c0839e7fb1 + +info: + name: > + WCS QR Code Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WCS QR Code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9aa98012-1c0c-402d-9e4f-89b2d45f71e1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23864 + metadata: + fofa-query: "wp-content/plugins/wcs-qr-code-generator/" + google-query: inurl:"/wp-content/plugins/wcs-qr-code-generator/" + shodan-query: 'vuln:CVE-2025-23864' + tags: cve,wordpress,wp-plugin,wcs-qr-code-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcs-qr-code-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcs-qr-code-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23865-7738b7a97663601bb747303311b05f2a.yaml b/nuclei-templates/2025/CVE-2025-23865-7738b7a97663601bb747303311b05f2a.yaml
new file mode 100644
index 0000000000..4cef4cc2fd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23865-7738b7a97663601bb747303311b05f2a.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23865-7738b7a97663601bb747303311b05f2a + +info: + name: > + Winning Portfolio <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Winning Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac18b418-ac7d-4cc3-b377-43e5a23b39ed?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23865 + metadata: + fofa-query: "wp-content/plugins/winning-portfolio/" + google-query: inurl:"/wp-content/plugins/winning-portfolio/" + shodan-query: 'vuln:CVE-2025-23865' + tags: cve,wordpress,wp-plugin,winning-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/winning-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "winning-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23867-b4d4f08a0c7143c101c8232344c00f25.yaml b/nuclei-templates/2025/CVE-2025-23867-b4d4f08a0c7143c101c8232344c00f25.yaml new file mode 100644 index 0000000000..b90a8ad457 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23867-b4d4f08a0c7143c101c8232344c00f25.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23867-b4d4f08a0c7143c101c8232344c00f25 + +info: + name: > + WordPress File Search <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WordPress File Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82d6fc5d-8678-4459-8d2a-423803629d10?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23867 + metadata: + fofa-query: "wp-content/plugins/wpfilesearch/" + google-query: inurl:"/wp-content/plugins/wpfilesearch/" + shodan-query: 'vuln:CVE-2025-23867' + tags: cve,wordpress,wp-plugin,wpfilesearch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfilesearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfilesearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23868-66721cd0f2ce8fba709fcb27af33a76b.yaml b/nuclei-templates/2025/CVE-2025-23868-66721cd0f2ce8fba709fcb27af33a76b.yaml new file mode 100644 index 0000000000..7758e77445 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23868-66721cd0f2ce8fba709fcb27af33a76b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23868-66721cd0f2ce8fba709fcb27af33a76b + +info: + name: > + Chess Tempo Viewer <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Chess Tempo Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0084ec4e-1c10-4bfe-a7c6-155aa9a48dc1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23868 + metadata: + fofa-query: "wp-content/plugins/chesstempoviewer/" + google-query: inurl:"/wp-content/plugins/chesstempoviewer/" + shodan-query: 'vuln:CVE-2025-23868' + tags: cve,wordpress,wp-plugin,chesstempoviewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chesstempoviewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chesstempoviewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23869-d61c868b003addf42fbed062b553ef67.yaml b/nuclei-templates/2025/CVE-2025-23869-d61c868b003addf42fbed062b553ef67.yaml
new file mode 100644
index 0000000000..1acf361ff5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23869-d61c868b003addf42fbed062b553ef67.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23869-d61c868b003addf42fbed062b553ef67 + +info: + name: > + CJ Custom Content <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The CJ Custom Content plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57f77795-57bc-4448-baf1-b9da6b0c61b7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23869 + metadata: + fofa-query: "wp-content/plugins/cj-custom-content/" + google-query: inurl:"/wp-content/plugins/cj-custom-content/" + shodan-query: 'vuln:CVE-2025-23869' + tags: cve,wordpress,wp-plugin,cj-custom-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cj-custom-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cj-custom-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23870-1394eaed30a04480b330c43b110a8990.yaml b/nuclei-templates/2025/CVE-2025-23870-1394eaed30a04480b330c43b110a8990.yaml new file mode 100644 index 0000000000..7fe188acc7 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23870-1394eaed30a04480b330c43b110a8990.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23870-1394eaed30a04480b330c43b110a8990 + +info: + name: > + Copyright Safeguard Footer Notice <= 3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Copyright Safeguard Footer Notice plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e486b0b5-5ee6-4ea2-bf0d-45a4302ce20f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23870 + metadata: + fofa-query: "wp-content/plugins/copyright-safeguard-footer-notice/" + google-query: inurl:"/wp-content/plugins/copyright-safeguard-footer-notice/" + shodan-query: 'vuln:CVE-2025-23870' + tags: cve,wordpress,wp-plugin,copyright-safeguard-footer-notice,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copyright-safeguard-footer-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copyright-safeguard-footer-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23871-7924fdb10f6a2d2872bbcd7d0d252ab9.yaml b/nuclei-templates/2025/CVE-2025-23871-7924fdb10f6a2d2872bbcd7d0d252ab9.yaml
new file mode 100644
index 0000000000..5ad9cac7ed
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23871-7924fdb10f6a2d2872bbcd7d0d252ab9.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23871-7924fdb10f6a2d2872bbcd7d0d252ab9 + +info: + name: > + LSD Google Maps Embedder <= 1.1 - Cross-Site Request Forgery Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The LSD Google Maps Embedder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/680865ad-41f3-4c7a-889c-464b69872b72?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23871 + metadata: + fofa-query: "wp-content/plugins/lsd-google-maps-embedder/" + google-query: inurl:"/wp-content/plugins/lsd-google-maps-embedder/" + shodan-query: 'vuln:CVE-2025-23871' + tags: cve,wordpress,wp-plugin,lsd-google-maps-embedder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lsd-google-maps-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lsd-google-maps-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file 
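Review bot: The `name` value repeats the phrase "Cross-Site Request Forgery" twice in a row, which looks like a copy artefact from the upstream title rather than intent. The other CSRF templates in this commit use the form `<plugin> <= <version> - Cross-Site Request Forgery to Stored Cross-Site Scripting`, so the consistent value here is `LSD Google Maps Embedder <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting`. Scan reports and dashboards display this field, so the duplication would show up in every finding.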
diff --git a/nuclei-templates/2025/CVE-2025-23872-2cc5bbeac1c6aae9aea9cd122986624e.yaml b/nuclei-templates/2025/CVE-2025-23872-2cc5bbeac1c6aae9aea9cd122986624e.yaml
new file mode 100644
index 0000000000..bd1f1317a6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23872-2cc5bbeac1c6aae9aea9cd122986624e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23872-2cc5bbeac1c6aae9aea9cd122986624e + +info: + name: > + PayForm <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Stripe and PayPal Payment Forms for WordPress – PayForm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c397428-7f4e-4775-b520-e47328cbe753?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23872 + metadata: + fofa-query: "wp-content/plugins/payform/" + google-query: inurl:"/wp-content/plugins/payform/" + shodan-query: 'vuln:CVE-2025-23872' + tags: cve,wordpress,wp-plugin,payform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23873-a16b410f2a23595db87cb16755de5d48.yaml b/nuclei-templates/2025/CVE-2025-23873-a16b410f2a23595db87cb16755de5d48.yaml new file mode 100644 index 0000000000..86c5e7adce --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23873-a16b410f2a23595db87cb16755de5d48.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23873-a16b410f2a23595db87cb16755de5d48 + +info: + name: > + Category D3 Tree <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Category D3 Tree plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/240fbd3b-3daf-415e-9551-76e3909508da?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23873 + metadata: + fofa-query: "wp-content/plugins/category-d3-tree/" + google-query: inurl:"/wp-content/plugins/category-d3-tree/" + shodan-query: 'vuln:CVE-2025-23873' + tags: cve,wordpress,wp-plugin,category-d3-tree,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-d3-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-d3-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23875-a482122ab5b50df85deb7f88b8b45627.yaml b/nuclei-templates/2025/CVE-2025-23875-a482122ab5b50df85deb7f88b8b45627.yaml
new file mode 100644
index 0000000000..4154ed6b17
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23875-a482122ab5b50df85deb7f88b8b45627.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23875-a482122ab5b50df85deb7f88b8b45627 + +info: + name: > + Better Protected Pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Better Protected Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7825de-dc11-4471-820b-a5b189a7d61c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23875 + metadata: + fofa-query: "wp-content/plugins/better-protected-pages/" + google-query: inurl:"/wp-content/plugins/better-protected-pages/" + shodan-query: 'vuln:CVE-2025-23875' + tags: cve,wordpress,wp-plugin,better-protected-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-protected-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-protected-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23876-292b1718cb52be0209874d22af0dc446.yaml b/nuclei-templates/2025/CVE-2025-23876-292b1718cb52be0209874d22af0dc446.yaml new file mode 100644 index 0000000000..6eed3695e9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23876-292b1718cb52be0209874d22af0dc446.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23876-292b1718cb52be0209874d22af0dc446 + +info: + name: > + WP krpano <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP krpano plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e60da7-25c6-44e9-aa62-ed32f0f5b0e0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23876 + metadata: + fofa-query: "wp-content/plugins/wp-krpano/" + google-query: inurl:"/wp-content/plugins/wp-krpano/" + shodan-query: 'vuln:CVE-2025-23876' + tags: cve,wordpress,wp-plugin,wp-krpano,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-krpano/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-krpano" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23877-7eed407dbdf2cab1cbda793b20565abd.yaml b/nuclei-templates/2025/CVE-2025-23877-7eed407dbdf2cab1cbda793b20565abd.yaml
new file mode 100644
index 0000000000..c365776c17
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23877-7eed407dbdf2cab1cbda793b20565abd.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23877-7eed407dbdf2cab1cbda793b20565abd + +info: + name: > + Nite Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Nite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29a39cd9-a190-40b3-897d-c7a6ac781605?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23877 + metadata: + fofa-query: "wp-content/plugins/nite-shortcodes/" + google-query: inurl:"/wp-content/plugins/nite-shortcodes/" + shodan-query: 'vuln:CVE-2025-23877' + tags: cve,wordpress,wp-plugin,nite-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nite-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nite-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23878-d7614626e046db73962592d595e29e4f.yaml b/nuclei-templates/2025/CVE-2025-23878-d7614626e046db73962592d595e29e4f.yaml new file mode 100644 index 0000000000..b3beadc284 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23878-d7614626e046db73962592d595e29e4f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23878-d7614626e046db73962592d595e29e4f + +info: + name: > + Post-to-Post Links <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Post-to-Post Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67fc59b6-7b6e-4dcb-b86a-c2236cb263f4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-23878 + metadata: + fofa-query: "wp-content/plugins/easy-post-to-post-links/" + google-query: inurl:"/wp-content/plugins/easy-post-to-post-links/" + shodan-query: 'vuln:CVE-2025-23878' + tags: cve,wordpress,wp-plugin,easy-post-to-post-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-to-post-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-to-post-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file 
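Review bot: The matchers decide on the readme's `Stable tag` alone, yet the description says the issue only impacts multi-site installations and installations where unfiltered_html has been disabled, so a match does not establish that a site is affected. The template cannot check that precondition, and the description should say so, for example by appending `Detection is version-based only; confirm the multi-site / unfiltered_html precondition before treating a match as a finding.` The extractor regex `([0-9.]+)` also accepts only a numeric tag, so a readme with a non-numeric stable tag (for instance `trunk`) yields no `version` and the template stays silent; that limit belongs in the same note. Every template added by this commit has the same version-only logic.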
diff --git a/nuclei-templates/2025/CVE-2025-23880-cfd5b1a92756bbdada7a4b7c41362823.yaml b/nuclei-templates/2025/CVE-2025-23880-cfd5b1a92756bbdada7a4b7c41362823.yaml
new file mode 100644
index 0000000000..acfe0c3714
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23880-cfd5b1a92756bbdada7a4b7c41362823.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23880-cfd5b1a92756bbdada7a4b7c41362823 + +info: + name: > + amr personalise <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The amr personalise plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d70eed02-d362-4bbe-aba0-df46e61777a3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23880 + metadata: + fofa-query: "wp-content/plugins/amr-personalise/" + google-query: inurl:"/wp-content/plugins/amr-personalise/" + shodan-query: 'vuln:CVE-2025-23880' + tags: cve,wordpress,wp-plugin,amr-personalise,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amr-personalise/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amr-personalise" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23884-b33a5fc0e23b2dd313863f5a8f19d33e.yaml b/nuclei-templates/2025/CVE-2025-23884-b33a5fc0e23b2dd313863f5a8f19d33e.yaml new file mode 100644 index 0000000000..c96f845ce3 --- /dev/null 
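Review bot: The two `regex` extractors under `extractors:` are both named `version` and differ only in `internal: true`, and nothing in the file explains why both are needed. If the intent is that the internal one feeds `compare_versions(version, ...)` while the second reports the value in scan output, comments such as `# internal: feeds the dsl matcher below` and `# reported in results` would make that clear. Giving the two captures distinct names would also remove any doubt about which one the matcher reads. Every template in this part of the diff repeats the same pair.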
+++ b/nuclei-templates/2025/CVE-2025-23884-b33a5fc0e23b2dd313863f5a8f19d33e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23884-b33a5fc0e23b2dd313863f5a8f19d33e + +info: + name: > + Annie <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Annie plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/444d69f5-8b8d-4e4b-bb6c-ad1ddcc7a867?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23884 + metadata: + fofa-query: "wp-content/plugins/annie/" + google-query: inurl:"/wp-content/plugins/annie/" + shodan-query: 'vuln:CVE-2025-23884' + tags: cve,wordpress,wp-plugin,annie,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/annie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "annie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23886-0ddf92233794a576544b721d05a256b4.yaml b/nuclei-templates/2025/CVE-2025-23886-0ddf92233794a576544b721d05a256b4.yaml new file mode 100644 index 0000000000..0f83d81efc 
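Review bot: The `word` matcher on `"annie"` is a weak and possibly brittle signal: word matching is case-sensitive unless told otherwise, so a readme that only ever writes "Annie" would make the whole `and` condition fail and the template would silently never report. Since the request path already pins the plugin slug, I would at least add `case-insensitive: true` to that matcher. The same concern looks likely for `"yacp"` in CVE-2025-23891 and `"seo-meta"` in CVE-2025-23907, where the slug differs from the plugin's display name; whether those readmes contain the slug cannot be told from the diff.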
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23886-0ddf92233794a576544b721d05a256b4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23886-0ddf92233794a576544b721d05a256b4 + +info: + name: > + Annie <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Annie plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45c1888e-ea46-43b9-bfab-069a972fa9a2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23886 + metadata: + fofa-query: "wp-content/plugins/annie/" + google-query: inurl:"/wp-content/plugins/annie/" + shodan-query: 'vuln:CVE-2025-23886' + tags: cve,wordpress,wp-plugin,annie,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/annie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "annie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23887-df9f6c226d9bead08fc735cc56235180.yaml b/nuclei-templates/2025/CVE-2025-23887-df9f6c226d9bead08fc735cc56235180.yaml new file mode 100644 index 0000000000..523f7986a6 --- /dev/null 
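Review bot: `severity: low` and the `low` entry in `tags` disagree with `cvss-score: 6.4` in the same `classification` block, which falls in the Medium band (4.0-6.9) of the CVSS v3.1 rating scale. A scan filtered with `-severity medium` would skip this template even though its own score says it belongs there; I would change these to `severity: medium` and `tags: cve,wordpress,wp-plugin,annie,medium`. The same low/6.4 pairing appears in CVE-2025-23887, -23890, -23891, -23892, -23893, -23896, -23897, -23899 and -23907, and CVE-2025-23878 pairs `low` with 4.4.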
+++ b/nuclei-templates/2025/CVE-2025-23887-df9f6c226d9bead08fc735cc56235180.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23887-df9f6c226d9bead08fc735cc56235180 + +info: + name: > + Blog Summary <= 0.1.2 β - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Blog Summary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.2 β due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7960d2b-8691-4a33-bab9-dc637743f12a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23887 + metadata: + fofa-query: "wp-content/plugins/blog-summary/" + google-query: inurl:"/wp-content/plugins/blog-summary/" + shodan-query: 'vuln:CVE-2025-23887' + tags: cve,wordpress,wp-plugin,blog-summary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-summary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-summary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= -0.1.2 β') \ No newline at end of file 
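Review bot: The constraint in the final `dsl` matcher, `'<= -0.1.2 β'`, is not a usable version bound: it carries a leading minus sign and a trailing " β" copied from the advisory title. The `version` extractor can only capture digits and dots (`([0-9.]+)`), so the comparison is made against a string the extractor can never produce, and the template most likely never matches or fails to evaluate. I would write `compare_versions(version, '<= 0.1.2')` and keep the "β" only in `name` and `description`.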
diff --git a/nuclei-templates/2025/CVE-2025-23890-7cc6fa79d77c26abb0815cdd937807ac.yaml b/nuclei-templates/2025/CVE-2025-23890-7cc6fa79d77c26abb0815cdd937807ac.yaml new file mode 100644 index 0000000000..4b6eabb832 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23890-7cc6fa79d77c26abb0815cdd937807ac.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23890-7cc6fa79d77c26abb0815cdd937807ac + +info: + name: > + Easy Tweet Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Easy Tweet Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86374310-748e-4adb-9d6f-6442fbb921be?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23890 + metadata: + fofa-query: "wp-content/plugins/easy-tweet-embed/" + google-query: inurl:"/wp-content/plugins/easy-tweet-embed/" + shodan-query: 'vuln:CVE-2025-23890' + tags: cve,wordpress,wp-plugin,easy-tweet-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-tweet-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-tweet-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23891-daafc42fdd637163c55d2d8205d4255b.yaml b/nuclei-templates/2025/CVE-2025-23891-daafc42fdd637163c55d2d8205d4255b.yaml new file mode 100644 index 0000000000..b62bd2b0e6 --- /dev/null 
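Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, so the status, word and version matchers may end up evaluated against a response from a site that is not the scan target. For a readme.txt fingerprint I would keep the check on the target by using `host-redirects: true` in place of `redirects: true`. The same `http` settings are used by every template in this part of the diff.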
+++ b/nuclei-templates/2025/CVE-2025-23891-daafc42fdd637163c55d2d8205d4255b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23891-daafc42fdd637163c55d2d8205d4255b + +info: + name: > + Yet Another Countdown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Yet Another Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84fdd899-46d9-4778-bd88-8df8f2f9e540?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23891 + metadata: + fofa-query: "wp-content/plugins/yacp/" + google-query: inurl:"/wp-content/plugins/yacp/" + shodan-query: 'vuln:CVE-2025-23891' + tags: cve,wordpress,wp-plugin,yacp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yacp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yacp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23892-528614959a5bd3a5dfbe28dfee726c93.yaml b/nuclei-templates/2025/CVE-2025-23892-528614959a5bd3a5dfbe28dfee726c93.yaml new file mode 100644 index 0000000000..0df080e6c7 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23892-528614959a5bd3a5dfbe28dfee726c93.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23892-528614959a5bd3a5dfbe28dfee726c93 + +info: + name: > + Progress Tracker <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Progress Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/946f9596-3212-4208-a7e2-9e33a21dd97c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23892 + metadata: + fofa-query: "wp-content/plugins/progress-tracker/" + google-query: inurl:"/wp-content/plugins/progress-tracker/" + shodan-query: 'vuln:CVE-2025-23892' + tags: cve,wordpress,wp-plugin,progress-tracker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/progress-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "progress-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.3') \ No newline at end of file 
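Review bot: Both extractor patterns, `(?mi)Stable tag: ([0-9.]+)`, require exactly one space after the colon and a numeric value, so a readme that uses a tab or extra spaces, or declares `Stable tag: trunk`, yields no `version` and the template reports nothing without any hint that it could not decide. Allowing flexible whitespace, e.g. `'(?mi)Stable tag:[ \t]*([0-9.]+)'`, covers the first case. For the second, a comment such as `# no match when Stable tag is non-numeric (e.g. trunk)` would tell operators that silence is not evidence of a patched install. The pattern is shared by all templates in this part of the diff.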
diff --git a/nuclei-templates/2025/CVE-2025-23893-784c65d54878157e30380d8f150d57eb.yaml b/nuclei-templates/2025/CVE-2025-23893-784c65d54878157e30380d8f150d57eb.yaml new file mode 100644 index 0000000000..07f7eff481 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23893-784c65d54878157e30380d8f150d57eb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23893-784c65d54878157e30380d8f150d57eb + +info: + name: > + GMap Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The GMap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b0f0db2-13bc-48fd-b78c-9e0eb644aec1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23893 + metadata: + fofa-query: "wp-content/plugins/gmap-shortcode/" + google-query: inurl:"/wp-content/plugins/gmap-shortcode/" + shodan-query: 'vuln:CVE-2025-23893' + tags: cve,wordpress,wp-plugin,gmap-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmap-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmap-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23895-b7b37440ec5ec07af181cb13273dd347.yaml b/nuclei-templates/2025/CVE-2025-23895-b7b37440ec5ec07af181cb13273dd347.yaml new file mode 100644 index 0000000000..6596ae9964 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23895-b7b37440ec5ec07af181cb13273dd347.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23895-b7b37440ec5ec07af181cb13273dd347 + +info: + name: > + Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Add RSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1eb76b3f-b7ac-4de2-a3fa-fbbebc81996c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23895 + metadata: + fofa-query: "wp-content/plugins/add-rss/" + google-query: inurl:"/wp-content/plugins/add-rss/" + shodan-query: 'vuln:CVE-2025-23895' + tags: cve,wordpress,wp-plugin,add-rss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23896-102ffaf8019c7f68dff523337ec814eb.yaml b/nuclei-templates/2025/CVE-2025-23896-102ffaf8019c7f68dff523337ec814eb.yaml new file mode 100644 index 0000000000..6d92a4a81a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23896-102ffaf8019c7f68dff523337ec814eb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23896-102ffaf8019c7f68dff523337ec814eb + +info: + name: > + Mindmeister Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Mindmeister Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36e9e069-b649-4824-9388-36d8cb9cae49?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23896 + metadata: + fofa-query: "wp-content/plugins/mindmeister-shortcode/" + google-query: inurl:"/wp-content/plugins/mindmeister-shortcode/" + shodan-query: 'vuln:CVE-2025-23896' + tags: cve,wordpress,wp-plugin,mindmeister-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mindmeister-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mindmeister-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23897-6a91a5944ca9426cb418a084574b6088.yaml b/nuclei-templates/2025/CVE-2025-23897-6a91a5944ca9426cb418a084574b6088.yaml new file mode 100644 index 0000000000..919d18f06e --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23897-6a91a5944ca9426cb418a084574b6088.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23897-6a91a5944ca9426cb418a084574b6088 + +info: + name: > + Apply with LinkedIn buttons <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Apply with LinkedIn buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd204edd-375e-437d-9964-bbf3b8abeab8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23897 + metadata: + fofa-query: "wp-content/plugins/apply-with-linkedin-buttons/" + google-query: inurl:"/wp-content/plugins/apply-with-linkedin-buttons/" + shodan-query: 'vuln:CVE-2025-23897' + tags: cve,wordpress,wp-plugin,apply-with-linkedin-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-with-linkedin-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-with-linkedin-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23898-1f0ae3da51224bbddd6fcc498700380b.yaml b/nuclei-templates/2025/CVE-2025-23898-1f0ae3da51224bbddd6fcc498700380b.yaml new file mode 100644 index 0000000000..c2c4f88a85 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23898-1f0ae3da51224bbddd6fcc498700380b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23898-1f0ae3da51224bbddd6fcc498700380b + +info: + name: > + Apply with LinkedIn buttons <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Apply with LinkedIn buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c248e3d-b6b2-4064-9006-3ddd85079308?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23898 + metadata: + fofa-query: "wp-content/plugins/apply-with-linkedin-buttons/" + google-query: inurl:"/wp-content/plugins/apply-with-linkedin-buttons/" + shodan-query: 'vuln:CVE-2025-23898' + tags: cve,wordpress,wp-plugin,apply-with-linkedin-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-with-linkedin-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-with-linkedin-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23899-f146f459cc4de5d956bbaed7eabb22f9.yaml b/nuclei-templates/2025/CVE-2025-23899-f146f459cc4de5d956bbaed7eabb22f9.yaml new file mode 100644 index 0000000000..3bd32dbcad --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23899-f146f459cc4de5d956bbaed7eabb22f9.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23899-f146f459cc4de5d956bbaed7eabb22f9 + +info: + name: > + Bookalet <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Bookalet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe8133e-1407-43b5-a1fc-be800bd2aaca?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23899 + metadata: + fofa-query: "wp-content/plugins/bookalet/" + google-query: inurl:"/wp-content/plugins/bookalet/" + shodan-query: 'vuln:CVE-2025-23899' + tags: cve,wordpress,wp-plugin,bookalet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookalet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookalet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23900-61aced5fc4a902cb2e33657c369f5e04.yaml b/nuclei-templates/2025/CVE-2025-23900-61aced5fc4a902cb2e33657c369f5e04.yaml new file mode 100644 index 0000000000..87e817afb2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23900-61aced5fc4a902cb2e33657c369f5e04.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23900-61aced5fc4a902cb2e33657c369f5e04 + +info: + name: > + Genki Announcement <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Genki Announcement plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a68c9151-9e1d-41d1-ae50-b59d1c833b29?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23900 + metadata: + fofa-query: "wp-content/plugins/genki-announcement/" + google-query: inurl:"/wp-content/plugins/genki-announcement/" + shodan-query: 'vuln:CVE-2025-23900' + tags: cve,wordpress,wp-plugin,genki-announcement,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genki-announcement/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genki-announcement" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23901-c08da0fa3221e26e7c4db6f6fe23cc22.yaml b/nuclei-templates/2025/CVE-2025-23901-c08da0fa3221e26e7c4db6f6fe23cc22.yaml new file mode 100644 index 0000000000..11a169f0af --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23901-c08da0fa3221e26e7c4db6f6fe23cc22.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23901-c08da0fa3221e26e7c4db6f6fe23cc22 + +info: + name: > + GravatarLocalCache <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The GravatarLocalCache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/113287e2-0d8e-4109-ab24-ba2283cc9964?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23901 + metadata: + fofa-query: "wp-content/plugins/gravatarlocalcache/" + google-query: inurl:"/wp-content/plugins/gravatarlocalcache/" + shodan-query: 'vuln:CVE-2025-23901' + tags: cve,wordpress,wp-plugin,gravatarlocalcache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravatarlocalcache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravatarlocalcache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23902-bd600d166914850418f7cedbb12be011.yaml b/nuclei-templates/2025/CVE-2025-23902-bd600d166914850418f7cedbb12be011.yaml new file mode 100644 index 0000000000..953ac774c2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23902-bd600d166914850418f7cedbb12be011.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-23902-bd600d166914850418f7cedbb12be011
+
+info:
+ name: >
+ Error Notification <= 0.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Error Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.7. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b11babc0-285e-4ea3-a3cc-21938af5d83c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23902
+ metadata:
+ fofa-query: "wp-content/plugins/error-notification/"
+ google-query: inurl:"/wp-content/plugins/error-notification/"
+ shodan-query: 'vuln:CVE-2025-23902'
+ tags: cve,wordpress,wp-plugin,error-notification,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/error-notification/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "error-notification"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.7')
\ No newline at end of file
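Review bot: `redirects: true` with `max-redirects: 3` lets the readme request follow a redirect to a different host, so the `Stable tag` that is extracted and reported against the scanned target may come from another site. Replacing it with `host-redirects: true` keeps the version check on the host being assessed. The other templates added in this commit carry the same two lines.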
diff --git a/nuclei-templates/2025/CVE-2025-23907-2360411c709055edcbce1281f9399928.yaml b/nuclei-templates/2025/CVE-2025-23907-2360411c709055edcbce1281f9399928.yaml
new file mode 100644
index 0000000000..4a2b50facc
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23907-2360411c709055edcbce1281f9399928.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23907-2360411c709055edcbce1281f9399928
+
+info:
+ name: >
+ SOCIAL.NINJA <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The SOCIAL.NINJA plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba6e897e-8f6a-418a-98ec-7bb645aa2630?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23907
+ metadata:
+ fofa-query: "wp-content/plugins/seo-meta/"
+ google-query: inurl:"/wp-content/plugins/seo-meta/"
+ shodan-query: 'vuln:CVE-2025-23907'
+ tags: cve,wordpress,wp-plugin,seo-meta,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/seo-meta/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "seo-meta"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2')
\ No newline at end of file
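Review bot: `severity: low` and the `low` tag contradict the `classification` block in the same file, which gives `cvss-score: 6.4`, a medium rating on the CVSS v3.1 scale. Anyone filtering scan results or alerts by severity will under-prioritise the finding; `severity: medium` and `tags: cve,wordpress,wp-plugin,seo-meta,medium` would agree with the score. The same mismatch appears in CVE-2025-23908 through 23913, 23916, 23917, 23919, 23924 and 23925. It is largest in CVE-2025-23915 and CVE-2025-23918 (scored 8.8, labelled low) and CVE-2025-23922 (scored 8.8, labelled medium). Separately, the slug `seo-meta` does not obviously correspond to the plugin name SOCIAL.NINJA and is worth checking against the Wordfence record, since a wrong slug makes the template silently match nothing.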
diff --git a/nuclei-templates/2025/CVE-2025-23908-a6fd01e8270142db21168223fa7aab84.yaml b/nuclei-templates/2025/CVE-2025-23908-a6fd01e8270142db21168223fa7aab84.yaml
new file mode 100644
index 0000000000..32b99fd345
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23908-a6fd01e8270142db21168223fa7aab84.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23908-a6fd01e8270142db21168223fa7aab84
+
+info:
+ name: >
+ Pastebin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Pastebin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a35b5dbd-6d29-404f-9363-a5787d35169c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23908
+ metadata:
+ fofa-query: "wp-content/plugins/pastebin-embed/"
+ google-query: inurl:"/wp-content/plugins/pastebin-embed/"
+ shodan-query: 'vuln:CVE-2025-23908'
+ tags: cve,wordpress,wp-plugin,pastebin-embed,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pastebin-embed/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pastebin-embed"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23909-e982521e1d3f37c529266dcf8b5e22b2.yaml b/nuclei-templates/2025/CVE-2025-23909-e982521e1d3f37c529266dcf8b5e22b2.yaml
new file mode 100644
index 0000000000..8939c3a082
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23909-e982521e1d3f37c529266dcf8b5e22b2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23909-e982521e1d3f37c529266dcf8b5e22b2
+
+info:
+ name: >
+ Compare Ninja <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Compare Ninja plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/717eba02-4ee0-4eb4-b1fb-0939e09d04c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23909
+ metadata:
+ fofa-query: "wp-content/plugins/compare-ninja-comparison-tables/"
+ google-query: inurl:"/wp-content/plugins/compare-ninja-comparison-tables/"
+ shodan-query: 'vuln:CVE-2025-23909'
+ tags: cve,wordpress,wp-plugin,compare-ninja-comparison-tables,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/compare-ninja-comparison-tables/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "compare-ninja-comparison-tables"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.0')
\ No newline at end of file
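Review bot: Nothing in the template says that a result is a version inference rather than a test of the stored XSS itself; the only evidence is the `Stable tag` line of `readme.txt`. A readme whose tag is `trunk`, or one that is blocked or removed, yields no `version` and therefore no match, and a readme left stale after an upgrade yields a wrong one. I would add a comment above `extractors:` such as `# Version is read from readme.txt "Stable tag"; a match means the advertised version is in range, not that the flaw was exercised.` The same applies to the other templates added in this commit.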
diff --git a/nuclei-templates/2025/CVE-2025-23910-e221d11780f08b48f817dfcb7703b677.yaml b/nuclei-templates/2025/CVE-2025-23910-e221d11780f08b48f817dfcb7703b677.yaml
new file mode 100644
index 0000000000..06eefc3d2a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23910-e221d11780f08b48f817dfcb7703b677.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23910-e221d11780f08b48f817dfcb7703b677
+
+info:
+ name: >
+ Menus Plus+ <= 1.9.6 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Menus Plus+ plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2fd4a2-4a99-479e-aa9d-3d847ba8f00c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-23910
+ metadata:
+ fofa-query: "wp-content/plugins/menus-plus/"
+ google-query: inurl:"/wp-content/plugins/menus-plus/"
+ shodan-query: 'vuln:CVE-2025-23910'
+ tags: cve,wordpress,wp-plugin,menus-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/menus-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "menus-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23911-d4e02e2e602979db26a10ec030ea447d.yaml b/nuclei-templates/2025/CVE-2025-23911-d4e02e2e602979db26a10ec030ea447d.yaml
new file mode 100644
index 0000000000..b9945438f9
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23911-d4e02e2e602979db26a10ec030ea447d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23911-d4e02e2e602979db26a10ec030ea447d
+
+info:
+ name: >
+ Solidres – Hotel booking plugin <= 0.9.4 - Authenticated (Contributor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Solidres – Hotel booking plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/29ea6ec6-3dc8-4bb6-bdec-bc2a24d2478b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-23911
+ metadata:
+ fofa-query: "wp-content/plugins/solidres/"
+ google-query: inurl:"/wp-content/plugins/solidres/"
+ shodan-query: 'vuln:CVE-2025-23911'
+ tags: cve,wordpress,wp-plugin,solidres,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/solidres/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "solidres"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.9.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23912-19a098510a432153e95461a76e85b4ce.yaml b/nuclei-templates/2025/CVE-2025-23912-19a098510a432153e95461a76e85b4ce.yaml
new file mode 100644
index 0000000000..977dbe7ccd
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23912-19a098510a432153e95461a76e85b4ce.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23912-19a098510a432153e95461a76e85b4ce
+
+info:
+ name: >
+ WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Custom Sidebar plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d75cce66-35b5-4915-b29b-9a1ef648ec16?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-23912
+ metadata:
+ fofa-query: "wp-content/plugins/wordpress-custom-sidebar/"
+ google-query: inurl:"/wp-content/plugins/wordpress-custom-sidebar/"
+ shodan-query: 'vuln:CVE-2025-23912'
+ tags: cve,wordpress,wp-plugin,wordpress-custom-sidebar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wordpress-custom-sidebar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wordpress-custom-sidebar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23913-a203dd651863667dda40f6cd6408c57e.yaml b/nuclei-templates/2025/CVE-2025-23913-a203dd651863667dda40f6cd6408c57e.yaml
new file mode 100644
index 0000000000..a314972862
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23913-a203dd651863667dda40f6cd6408c57e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23913-a203dd651863667dda40f6cd6408c57e
+
+info:
+ name: >
+ WordPress Google Map Professional <= 1.0 - Authenticated (Contributor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Google Map Professional plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/04c23273-47de-4f40-8254-14c86b8362ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2025-23913
+ metadata:
+ fofa-query: "wp-content/plugins/google-map-professional/"
+ google-query: inurl:"/wp-content/plugins/google-map-professional/"
+ shodan-query: 'vuln:CVE-2025-23913'
+ tags: cve,wordpress,wp-plugin,google-map-professional,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/google-map-professional/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "google-map-professional"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23915-0a8878903387bd9648863a48c38a69b6.yaml b/nuclei-templates/2025/CVE-2025-23915-0a8878903387bd9648863a48c38a69b6.yaml
new file mode 100644
index 0000000000..419629690b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23915-0a8878903387bd9648863a48c38a69b6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23915-0a8878903387bd9648863a48c38a69b6
+
+info:
+ name: >
+ FAT Event Lite <= 1.1 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The FAT Event Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/999115b1-8bac-4323-ba55-4e8a6df632e8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-23915
+ metadata:
+ fofa-query: "wp-content/plugins/fat-event-lite/"
+ google-query: inurl:"/wp-content/plugins/fat-event-lite/"
+ shodan-query: 'vuln:CVE-2025-23915'
+ tags: cve,wordpress,wp-plugin,fat-event-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fat-event-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fat-event-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23916-7e24c38d4e4c88c269bf7c2d3006d69c.yaml b/nuclei-templates/2025/CVE-2025-23916-7e24c38d4e4c88c269bf7c2d3006d69c.yaml
new file mode 100644
index 0000000000..9a2551e247
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23916-7e24c38d4e4c88c269bf7c2d3006d69c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23916-7e24c38d4e4c88c269bf7c2d3006d69c
+
+info:
+ name: >
+ WP Meetup <= 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
+ author: topscoder
+ severity: low
+ description: >
+ The WP Meetup plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/722261d0-b81c-48b9-baf3-93713a814c51?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23916
+ metadata:
+ fofa-query: "wp-content/plugins/wp-meetup/"
+ google-query: inurl:"/wp-content/plugins/wp-meetup/"
+ shodan-query: 'vuln:CVE-2025-23916'
+ tags: cve,wordpress,wp-plugin,wp-meetup,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-meetup/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-meetup"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23917-e22cd5b1d73ab2993e0eed430f5586bf.yaml b/nuclei-templates/2025/CVE-2025-23917-e22cd5b1d73ab2993e0eed430f5586bf.yaml
new file mode 100644
index 0000000000..06216449f8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23917-e22cd5b1d73ab2993e0eed430f5586bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23917-e22cd5b1d73ab2993e0eed430f5586bf
+
+info:
+ name: >
+ Chamber Dashboard Business Directory <= 3.3.10 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdash_add_demo_data() function in versions up to, and including, 3.3.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to add demo data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbddf8a5-57fe-4c70-b564-75e62b96462d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23917
+ metadata:
+ fofa-query: "wp-content/plugins/chamber-dashboard-business-directory/"
+ google-query: inurl:"/wp-content/plugins/chamber-dashboard-business-directory/"
+ shodan-query: 'vuln:CVE-2025-23917'
+ tags: cve,wordpress,wp-plugin,chamber-dashboard-business-directory,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/chamber-dashboard-business-directory/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "chamber-dashboard-business-directory"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.10')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23918-dfda6a47f37d0bfed08a929e2666f438.yaml b/nuclei-templates/2025/CVE-2025-23918-dfda6a47f37d0bfed08a929e2666f438.yaml
new file mode 100644
index 0000000000..2f1c04cfc8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23918-dfda6a47f37d0bfed08a929e2666f438.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23918-dfda6a47f37d0bfed08a929e2666f438
+
+info:
+ name: >
+ Smallerik File Browser <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Smallerik File Browser plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/50bc789a-be96-4e65-9a1d-0314c0247613?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-23918
+ metadata:
+ fofa-query: "wp-content/plugins/smallerik-file-browser/"
+ google-query: inurl:"/wp-content/plugins/smallerik-file-browser/"
+ shodan-query: 'vuln:CVE-2025-23918'
+ tags: cve,wordpress,wp-plugin,smallerik-file-browser,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smallerik-file-browser/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smallerik-file-browser"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23919-ff9c40741ae9f7b2e068ef928e04f86d.yaml b/nuclei-templates/2025/CVE-2025-23919-ff9c40741ae9f7b2e068ef928e04f86d.yaml
new file mode 100644
index 0000000000..ffd94c9a12
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23919-ff9c40741ae9f7b2e068ef928e04f86d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23919-ff9c40741ae9f7b2e068ef928e04f86d
+
+info:
+ name: >
+ Slides & Presentations <= 0.0.39 - Missing Authorization to Content Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Slides & Presentations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.0.39. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary content.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3223a1c0-e0e3-46e6-ba4c-777db86bdb26?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23919
+ metadata:
+ fofa-query: "wp-content/plugins/slide/"
+ google-query: inurl:"/wp-content/plugins/slide/"
+ shodan-query: 'vuln:CVE-2025-23919'
+ tags: cve,wordpress,wp-plugin,slide,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slide/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slide"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.39')
\ No newline at end of file
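Review bot: The word matcher `"slide"` is a common English word and adds almost no assurance that the fetched body is this plugin's readme. Combined with followed redirects, any 200 response that contains the word and a `Stable tag:` value at or below 0.0.39 is reported as CVE-2025-23919. Matching a more specific string, for example the plugin's display name as it appears in the readme title line, would tie the finding to the right plugin. The exact title text is not visible in this hunk, so it has to be taken from the plugin's readme.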
diff --git a/nuclei-templates/2025/CVE-2025-23921-0579d0fc0696c0421e05e1c1ace36d23.yaml b/nuclei-templates/2025/CVE-2025-23921-0579d0fc0696c0421e05e1c1ace36d23.yaml
new file mode 100644
index 0000000000..79318b9a17
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23921-0579d0fc0696c0421e05e1c1ace36d23.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23921-0579d0fc0696c0421e05e1c1ace36d23
+
+info:
+ name: >
+ Multi Uploader for Gravity Forms <= 1.1.3 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+ The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/43b7e458-73d7-4a02-8184-081654a9f58e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-23921
+ metadata:
+ fofa-query: "wp-content/plugins/gf-multi-uploader/"
+ google-query: inurl:"/wp-content/plugins/gf-multi-uploader/"
+ shodan-query: 'vuln:CVE-2025-23921'
+ tags: cve,wordpress,wp-plugin,gf-multi-uploader,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gf-multi-uploader/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gf-multi-uploader"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23922-e089f110c69b30bc324a271720fc0596.yaml b/nuclei-templates/2025/CVE-2025-23922-e089f110c69b30bc324a271720fc0596.yaml
new file mode 100644
index 0000000000..9e9956feb8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23922-e089f110c69b30bc324a271720fc0596.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23922-e089f110c69b30bc324a271720fc0596
+
+info:
+ name: >
+ iSpring Embedder <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload
+ author: topscoder
+ severity: medium
+ description: >
+ The iSpring Embedder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/19c3d7dd-ccde-463c-abd9-f2c67961251a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-23922
+ metadata:
+ fofa-query: "wp-content/plugins/embed-ispring/"
+ google-query: inurl:"/wp-content/plugins/embed-ispring/"
+ shodan-query: 'vuln:CVE-2025-23922'
+ tags: cve,wordpress,wp-plugin,embed-ispring,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/embed-ispring/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "embed-ispring"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23924-b13a70e626e4c394f612a31cca1dac3f.yaml b/nuclei-templates/2025/CVE-2025-23924-b13a70e626e4c394f612a31cca1dac3f.yaml
new file mode 100644
index 0000000000..159f07ff75
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23924-b13a70e626e4c394f612a31cca1dac3f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23924-b13a70e626e4c394f612a31cca1dac3f
+
+info:
+ name: >
+ WP Photo Sphere <= 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Photo Sphere plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/271a813d-1e20-4a9b-b4d0-6d73cc2866d4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23924
+ metadata:
+ fofa-query: "wp-content/plugins/wp-photo-sphere/"
+ google-query: inurl:"/wp-content/plugins/wp-photo-sphere/"
+ shodan-query: 'vuln:CVE-2025-23924'
+ tags: cve,wordpress,wp-plugin,wp-photo-sphere,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-photo-sphere/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-photo-sphere"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23925-7ad2f0932f2df22c0d3d31501beb31ae.yaml b/nuclei-templates/2025/CVE-2025-23925-7ad2f0932f2df22c0d3d31501beb31ae.yaml
new file mode 100644
index 0000000000..eb5cc0d620
--- /dev/null
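Review bot: A match from the CVE-2025-23924 template shows only that `readme.txt` advertises a `Stable tag` at or below 3.8; nothing in the request exercises the stored XSS, which the description says needs contributor-level access. The template name reads as a confirmed finding, so I would add a comment above `http:` such as `# Version-based detection from readme.txt; confirm the installed plugin version before treating the site as vulnerable.` Note also that `([0-9.]+)` captures nothing when the readme's stable tag is non-numeric (for example `trunk`), in which case `version` is unset and the `dsl` matcher presumably fails, giving a silent miss. Every template added in this part of the commit shares the pattern.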
+++ b/nuclei-templates/2025/CVE-2025-23925-7ad2f0932f2df22c0d3d31501beb31ae.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23925-7ad2f0932f2df22c0d3d31501beb31ae
+
+info:
+ name: >
+ Feedburner Optin Form <= 0.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Feedburner Optin Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f72cbcd8-13ad-4f19-a72c-2c5472e434f1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23925
+ metadata:
+ fofa-query: "wp-content/plugins/feedburner-optin-form/"
+ google-query: inurl:"/wp-content/plugins/feedburner-optin-form/"
+ shodan-query: 'vuln:CVE-2025-23925'
+ tags: cve,wordpress,wp-plugin,feedburner-optin-form,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/feedburner-optin-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "feedburner-optin-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.8')
\ No newline at end of file
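Review bot: `redirects: true` with `max-redirects: 3` follows redirects to any host, so the 200 response and the `Stable tag` value can come from a different site than the one scanned and still be reported against `{{BaseURL}}`. Restricting the follow to the original host, `host-redirects: true` in place of `redirects: true`, keeps the evidence tied to the target. The same request block is used by the other templates added in this commit.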
diff --git a/nuclei-templates/2025/CVE-2025-23926-add390cb26035a6afa2e024e5fda1163.yaml b/nuclei-templates/2025/CVE-2025-23926-add390cb26035a6afa2e024e5fda1163.yaml
new file mode 100644
index 0000000000..be891b8a0b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23926-add390cb26035a6afa2e024e5fda1163.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23926-add390cb26035a6afa2e024e5fda1163
+
+info:
+ name: >
+ Ajax WP Query Search Filter <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Ajax WP Query Search Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6db022e7-d0a7-4c32-87b4-7d9a87c4542d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23926
+ metadata:
+ fofa-query: "wp-content/plugins/ajax-wp-query-search-filter/"
+ google-query: inurl:"/wp-content/plugins/ajax-wp-query-search-filter/"
+ shodan-query: 'vuln:CVE-2025-23926'
+ tags: cve,wordpress,wp-plugin,ajax-wp-query-search-filter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ajax-wp-query-search-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ajax-wp-query-search-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23927-659d65fbb184b094f9d924496dd6afed.yaml b/nuclei-templates/2025/CVE-2025-23927-659d65fbb184b094f9d924496dd6afed.yaml
new file mode 100644
index 0000000000..43a4953491
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23927-659d65fbb184b094f9d924496dd6afed.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23927-659d65fbb184b094f9d924496dd6afed
+
+info:
+ name: >
+ Incredible Font Awesome <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Incredible Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f04b52f-8100-4823-b925-ed562f08a91d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23927
+ metadata:
+ fofa-query: "wp-content/plugins/incredible-font-awesome/"
+ google-query: inurl:"/wp-content/plugins/incredible-font-awesome/"
+ shodan-query: 'vuln:CVE-2025-23927'
+ tags: cve,wordpress,wp-plugin,incredible-font-awesome,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/incredible-font-awesome/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "incredible-font-awesome"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23928-6b643ff288f8dbe4bf6235f43d5d72ce.yaml b/nuclei-templates/2025/CVE-2025-23928-6b643ff288f8dbe4bf6235f43d5d72ce.yaml
new file mode 100644
index 0000000000..10165708b6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23928-6b643ff288f8dbe4bf6235f43d5d72ce.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23928-6b643ff288f8dbe4bf6235f43d5d72ce
+
+info:
+ name: >
+ Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Google Org Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ea59a87-1b69-42fa-afc4-d68b33df94b1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23928
+ metadata:
+ fofa-query: "wp-content/plugins/google-org-chart/"
+ google-query: inurl:"/wp-content/plugins/google-org-chart/"
+ shodan-query: 'vuln:CVE-2025-23928'
+ tags: cve,wordpress,wp-plugin,google-org-chart,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/google-org-chart/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "google-org-chart"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23929-b147a454b79cd89ea0cc4e0fbdf08ccd.yaml b/nuclei-templates/2025/CVE-2025-23929-b147a454b79cd89ea0cc4e0fbdf08ccd.yaml
new file mode 100644
index 0000000000..2c9addad75
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23929-b147a454b79cd89ea0cc4e0fbdf08ccd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23929-b147a454b79cd89ea0cc4e0fbdf08ccd
+
+info:
+ name: >
+ Email Capture & Lead Generation <= 1.0.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Email Capture & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d10202f-dba6-4308-9857-a576c63ec6da?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23929
+ metadata:
+ fofa-query: "wp-content/plugins/email-capture-lead-generation/"
+ google-query: inurl:"/wp-content/plugins/email-capture-lead-generation/"
+ shodan-query: 'vuln:CVE-2025-23929'
+ tags: cve,wordpress,wp-plugin,email-capture-lead-generation,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/email-capture-lead-generation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "email-capture-lead-generation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23930-47cede17df852a6a1f9e601d87b0f53a.yaml b/nuclei-templates/2025/CVE-2025-23930-47cede17df852a6a1f9e601d87b0f53a.yaml
new file mode 100644
index 0000000000..6a4f18050b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23930-47cede17df852a6a1f9e601d87b0f53a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23930-47cede17df852a6a1f9e601d87b0f53a
+
+info:
+ name: >
+ PayPal Marketing Solutions <= 1.2 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The PayPal Marketing Solutions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/839c29bd-c064-495c-9c4f-37e12843336f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23930
+ metadata:
+ fofa-query: "wp-content/plugins/paypal-promotions-and-insights/"
+ google-query: inurl:"/wp-content/plugins/paypal-promotions-and-insights/"
+ shodan-query: 'vuln:CVE-2025-23930'
+ tags: cve,wordpress,wp-plugin,paypal-promotions-and-insights,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/paypal-promotions-and-insights/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "paypal-promotions-and-insights"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23932-ded0ed094866195dc1551edf3eeb9521.yaml b/nuclei-templates/2025/CVE-2025-23932-ded0ed094866195dc1551edf3eeb9521.yaml
new file mode 100644
index 0000000000..396c3c2eb6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23932-ded0ed094866195dc1551edf3eeb9521.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23932-ded0ed094866195dc1551edf3eeb9521
+
+info:
+ name: >
+ Quick Count <= 3.00 - Unauthenticated PHP Object Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Quick Count plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.00 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32fe415d-f96d-4023-9faf-b83e7ff6acb1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2025-23932
+ metadata:
+ fofa-query: "wp-content/plugins/quick-count/"
+ google-query: inurl:"/wp-content/plugins/quick-count/"
+ shodan-query: 'vuln:CVE-2025-23932'
+ tags: cve,wordpress,wp-plugin,quick-count,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/quick-count/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "quick-count"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.00')
\ No newline at end of file
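Review bot: The `word` matcher requires the literal slug `quick-count` in the body of `readme.txt`, which a WordPress readme is not obliged to contain; the header normally carries the display name, and the slug appears only if the author happens to link to the plugin page. Because `matchers-condition: and` makes this mandatory, a readme without the slug is a silent miss, which matters most for a template rated `critical`. Matching the display name instead, `- "Quick Count"` with `case-insensitive: true`, or dropping the word matcher and relying on the path plus version check, would be more robust. The other templates in this commit use the same slug matcher.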
diff --git a/nuclei-templates/2025/CVE-2025-23933-4a7a965556953eef1a2dc6a364544ca1.yaml b/nuclei-templates/2025/CVE-2025-23933-4a7a965556953eef1a2dc6a364544ca1.yaml
new file mode 100644
index 0000000000..a79aae4098
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23933-4a7a965556953eef1a2dc6a364544ca1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23933-4a7a965556953eef1a2dc6a364544ca1
+
+info:
+ name: >
+ WpF Ultimate Carousel <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WpF Ultimate Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e44004a9-c705-4e97-83e2-f7db4311a978?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23933
+ metadata:
+ fofa-query: "wp-content/plugins/wpf-ultimate-carousel/"
+ google-query: inurl:"/wp-content/plugins/wpf-ultimate-carousel/"
+ shodan-query: 'vuln:CVE-2025-23933'
+ tags: cve,wordpress,wp-plugin,wpf-ultimate-carousel,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpf-ultimate-carousel/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpf-ultimate-carousel"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.11')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23934-330aae326693cc932f97bfb14a815b01.yaml b/nuclei-templates/2025/CVE-2025-23934-330aae326693cc932f97bfb14a815b01.yaml
new file mode 100644
index 0000000000..a9d67640ec
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23934-330aae326693cc932f97bfb14a815b01.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23934-330aae326693cc932f97bfb14a815b01
+
+info:
+ name: >
+ Giveaways and Contests by PromoSimple <= 1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Giveaways and Contests by PromoSimple plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/247e252a-ac4f-4567-813b-1ceb8b5f6a22?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23934
+ metadata:
+ fofa-query: "wp-content/plugins/giveaways-contests-by-promosimple/"
+ google-query: inurl:"/wp-content/plugins/giveaways-contests-by-promosimple/"
+ shodan-query: 'vuln:CVE-2025-23934'
+ tags: cve,wordpress,wp-plugin,giveaways-contests-by-promosimple,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/giveaways-contests-by-promosimple/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "giveaways-contests-by-promosimple"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.24')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23935-13fd6aa8d8c045122325865c5dd1f423.yaml b/nuclei-templates/2025/CVE-2025-23935-13fd6aa8d8c045122325865c5dd1f423.yaml
new file mode 100644
index 0000000000..81862572e4
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23935-13fd6aa8d8c045122325865c5dd1f423.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23935-13fd6aa8d8c045122325865c5dd1f423
+
+info:
+ name: >
+ Magic Google Maps <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Magic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/770dbc3c-d05c-453e-bf64-5d45f395c53b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23935
+ metadata:
+ fofa-query: "wp-content/plugins/magic-google-maps/"
+ google-query: inurl:"/wp-content/plugins/magic-google-maps/"
+ shodan-query: 'vuln:CVE-2025-23935'
+ tags: cve,wordpress,wp-plugin,magic-google-maps,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/magic-google-maps/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "magic-google-maps"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23936-6e229fb7e7e01137835542fc0a51dc9b.yaml b/nuclei-templates/2025/CVE-2025-23936-6e229fb7e7e01137835542fc0a51dc9b.yaml
new file mode 100644
index 0000000000..7422c52549
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23936-6e229fb7e7e01137835542fc0a51dc9b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23936-6e229fb7e7e01137835542fc0a51dc9b
+
+info:
+ name: >
+ CC Circle Progress Bar <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The CC Circle Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e842ce50-0117-4564-9551-482278dd5c11?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23936
+ metadata:
+ fofa-query: "wp-content/plugins/cc-circle-progress-bar/"
+ google-query: inurl:"/wp-content/plugins/cc-circle-progress-bar/"
+ shodan-query: 'vuln:CVE-2025-23936'
+ tags: cve,wordpress,wp-plugin,cc-circle-progress-bar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cc-circle-progress-bar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cc-circle-progress-bar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23938-1914561e71f24a7a3abfe7b1c4b745cd.yaml b/nuclei-templates/2025/CVE-2025-23938-1914561e71f24a7a3abfe7b1c4b745cd.yaml
new file mode 100644
index 0000000000..e66bf8d60c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23938-1914561e71f24a7a3abfe7b1c4b745cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23938-1914561e71f24a7a3abfe7b1c4b745cd
+
+info:
+ name: >
+ Image Gallery Box by CRUDLab <= 1.0.3 - Authenticated (Subscriber+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The Image Gallery Box by CRUDLab plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/468fc0c3-288d-4d9c-a27a-68470f220c39?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-23938
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery-box-by-crudlab/"
+ google-query: inurl:"/wp-content/plugins/image-gallery-box-by-crudlab/"
+ shodan-query: 'vuln:CVE-2025-23938'
+ tags: cve,wordpress,wp-plugin,image-gallery-box-by-crudlab,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery-box-by-crudlab/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery-box-by-crudlab"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23939-148cdb0f164256836fdab1f4f9cfe4dd.yaml b/nuclei-templates/2025/CVE-2025-23939-148cdb0f164256836fdab1f4f9cfe4dd.yaml
new file mode 100644
index 0000000000..e0aa112674
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23939-148cdb0f164256836fdab1f4f9cfe4dd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23939-148cdb0f164256836fdab1f4f9cfe4dd
+
+info:
+ name: >
+ Image Switcher <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Image Switcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eb4f996-b74c-495e-958e-7c6fb4eba62e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23939
+ metadata:
+ fofa-query: "wp-content/plugins/image-switcher/"
+ google-query: inurl:"/wp-content/plugins/image-switcher/"
+ shodan-query: 'vuln:CVE-2025-23939'
+ tags: cve,wordpress,wp-plugin,image-switcher,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-switcher/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-switcher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23940-cb33b2cbb989e137e78b505763bd2f8e.yaml b/nuclei-templates/2025/CVE-2025-23940-cb33b2cbb989e137e78b505763bd2f8e.yaml
new file mode 100644
index 0000000000..777ea3759d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23940-cb33b2cbb989e137e78b505763bd2f8e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23940-cb33b2cbb989e137e78b505763bd2f8e
+
+info:
+ name: >
+ Image Switcher <= 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Image Switcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d67e312f-58ad-46d9-a14c-4082ec64442e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23940
+ metadata:
+ fofa-query: "wp-content/plugins/image-switcher/"
+ google-query: inurl:"/wp-content/plugins/image-switcher/"
+ shodan-query: 'vuln:CVE-2025-23940'
+ tags: cve,wordpress,wp-plugin,image-switcher,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-switcher/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-switcher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1.1')
\ No newline at end of file
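Review bot: This template and the CVE-2025-23939 one added just before it both probe `/wp-content/plugins/image-switcher/readme.txt` and match the same slug, yet they carry different affected ranges (`<= 0.1.1` here, `<= 1.1` there) and different Wordfence advisory ids. Any install at or below 0.1.1 will be reported under both CVEs, so at least one of the two is probably mapped to the wrong plugin slug. Each advisory's software slug should be checked against the `path` and `words` values; this same commit corrects that kind of slug mismatch in the CVE-2007-4014 and CVE-2011-4106 templates.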
diff --git a/nuclei-templates/2025/CVE-2025-23941-29c02f339a8967a27ad8390552bd0e2f.yaml b/nuclei-templates/2025/CVE-2025-23941-29c02f339a8967a27ad8390552bd0e2f.yaml
new file mode 100644
index 0000000000..fae8e3d8b5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23941-29c02f339a8967a27ad8390552bd0e2f.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-23941-29c02f339a8967a27ad8390552bd0e2f + +info: + name: > + MeinTurnierplan.de Widget Viewer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The MeinTurnierplan.de Widget Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14ae2d0f-5c50-4498-8809-e3425d61ed0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23941 + metadata: + fofa-query: "wp-content/plugins/meinturnierplande-widget-viewer/" + google-query: inurl:"/wp-content/plugins/meinturnierplande-widget-viewer/" + shodan-query: 'vuln:CVE-2025-23941' + tags: cve,wordpress,wp-plugin,meinturnierplande-widget-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meinturnierplande-widget-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meinturnierplande-widget-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file 
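Review bot: `redirects: true` with `max-redirects: 3` follows redirects to any host, so the status, word and version matchers may end up evaluating a response served by a different site than `{{BaseURL}}`. A version fingerprint should stay tied to the scanned host, so I would use `host-redirects: true` in place of `redirects: true`. Every template added in this commit carries the same request block.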
diff --git a/nuclei-templates/2025/CVE-2025-23942-8a67f482d7d63cf87a3b017e70e0e0e8.yaml b/nuclei-templates/2025/CVE-2025-23942-8a67f482d7d63cf87a3b017e70e0e0e8.yaml new file mode 100644 index 0000000000..f06cfbdb78 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23942-8a67f482d7d63cf87a3b017e70e0e0e8.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23942-8a67f482d7d63cf87a3b017e70e0e0e8 + +info: + name: > + WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The WP Load Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a82f52a-0a9a-4b36-960d-f0c7d692c8ee?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-23942 + metadata: + fofa-query: "wp-content/plugins/wp-load-gallery/" + google-query: inurl:"/wp-content/plugins/wp-load-gallery/" + shodan-query: 'vuln:CVE-2025-23942' + tags: cve,wordpress,wp-plugin,wp-load-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-load-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-load-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23943-4ea7000181e3e029d465918a9ef0d5a5.yaml b/nuclei-templates/2025/CVE-2025-23943-4ea7000181e3e029d465918a9ef0d5a5.yaml new file mode 100644 index 0000000000..6dd6c658d2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23943-4ea7000181e3e029d465918a9ef0d5a5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23943-4ea7000181e3e029d465918a9ef0d5a5 + +info: + name: > + PDF.js Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The PDF.js Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1671405d-27db-4485-87c0-c6405c93f6ad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23943 + metadata: + fofa-query: "wp-content/plugins/pdfjs-shortcode/" + google-query: inurl:"/wp-content/plugins/pdfjs-shortcode/" + shodan-query: 'vuln:CVE-2025-23943' + tags: cve,wordpress,wp-plugin,pdfjs-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdfjs-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdfjs-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23946-95878a4419c0628c7e35870d941db702.yaml b/nuclei-templates/2025/CVE-2025-23946-95878a4419c0628c7e35870d941db702.yaml new file mode 100644 index 0000000000..6483ebf761 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23946-95878a4419c0628c7e35870d941db702.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23946-95878a4419c0628c7e35870d941db702 + +info: + name: > + Enhanced YouTube Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Enhanced YouTube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aee76b0-7a28-4f03-95a8-15d504cf38a4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23946 + metadata: + fofa-query: "wp-content/plugins/enhanced-youtube-shortcode/" + google-query: inurl:"/wp-content/plugins/enhanced-youtube-shortcode/" + shodan-query: 'vuln:CVE-2025-23946' + tags: cve,wordpress,wp-plugin,enhanced-youtube-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-youtube-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-youtube-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23947-4d8b77847b4ce0302c18435e6fd890cb.yaml b/nuclei-templates/2025/CVE-2025-23947-4d8b77847b4ce0302c18435e6fd890cb.yaml new file mode 100644 index 0000000000..65195b91d7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23947-4d8b77847b4ce0302c18435e6fd890cb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23947-4d8b77847b4ce0302c18435e6fd890cb + +info: + name: > + WP-Player <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP-Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39acd470-d65b-415d-9f57-2227d19821df?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23947 + metadata: + fofa-query: "wp-content/plugins/wp-player/" + google-query: inurl:"/wp-content/plugins/wp-player/" + shodan-query: 'vuln:CVE-2025-23947' + tags: cve,wordpress,wp-plugin,wp-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23948-d6485f63ec4a6e5df37a20b46f46b35a.yaml b/nuclei-templates/2025/CVE-2025-23948-d6485f63ec4a6e5df37a20b46f46b35a.yaml new file mode 100644 index 0000000000..549f31effe --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23948-d6485f63ec4a6e5df37a20b46f46b35a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23948-d6485f63ec4a6e5df37a20b46f46b35a + +info: + name: > + Background animation blocks <= 2.1.5 - Unauthenticated Local File Inclusion + author: topscoder + severity: critical + description: > + The Background animation blocks plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d792be47-bbca-4d94-95b3-194acf3f57b3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-23948 + metadata: + fofa-query: "wp-content/plugins/background-animation-blocks/" + google-query: inurl:"/wp-content/plugins/background-animation-blocks/" + shodan-query: 'vuln:CVE-2025-23948' + tags: cve,wordpress,wp-plugin,background-animation-blocks,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/background-animation-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "background-animation-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file 
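Review bot: A match here shows only that `readme.txt` is readable and its `Stable tag` is at most 2.1.5; no request exercises the file-inclusion path, yet the result is reported as `severity: critical` with no hint that it is version-based. The stable tag can also be `trunk` or lag behind the installed code, so both missed and spurious findings are possible. I would state this in the template with a comment above `http:`, such as `# Version check only: compares the readme.txt "Stable tag" with the affected range; does not confirm exploitability.` The other templates added in this commit share this request and matcher block and would benefit from the same comment.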
diff --git a/nuclei-templates/2025/CVE-2025-23950-cd42b5fb48a45b0344b7dbee33a64767.yaml b/nuclei-templates/2025/CVE-2025-23950-cd42b5fb48a45b0344b7dbee33a64767.yaml new file mode 100644 index 0000000000..49a82d1ba5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23950-cd42b5fb48a45b0344b7dbee33a64767.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23950-cd42b5fb48a45b0344b7dbee33a64767 + +info: + name: > + EZPlayer <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The EZPlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/968dce76-783a-4c1a-8d62-e1f8d6cc2f2c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23950 + metadata: + fofa-query: "wp-content/plugins/ezplayer/" + google-query: inurl:"/wp-content/plugins/ezplayer/" + shodan-query: 'vuln:CVE-2025-23950' + tags: cve,wordpress,wp-plugin,ezplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ezplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ezplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file 
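Review bot: The `word` matcher looks for the lower-case slug `ezplayer` in the readme body, and word matchers are case-sensitive unless told otherwise. The readme's content is not visible here, but if it only writes the plugin name as `EZPlayer`, the `and` condition fails and an affected install is silently missed. I would add `case-insensitive: true` to that matcher. The Goldstar (`goldstar`) and Sur.ly (`surly`) templates in this commit have the same exposure.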
diff --git a/nuclei-templates/2025/CVE-2025-23951-fecda51faa86f14210d143e2aeae972a.yaml b/nuclei-templates/2025/CVE-2025-23951-fecda51faa86f14210d143e2aeae972a.yaml new file mode 100644 index 0000000000..c27909e529 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23951-fecda51faa86f14210d143e2aeae972a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23951-fecda51faa86f14210d143e2aeae972a + +info: + name: > + Gallery: Hybrid – Advanced Visual Gallery <= 1.4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Gallery: Hybrid – Advanced Visual Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16d4ff25-3dae-437f-b6a5-703a3b879904?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23951 + metadata: + fofa-query: "wp-content/plugins/hybrid-gallery/" + google-query: inurl:"/wp-content/plugins/hybrid-gallery/" + shodan-query: 'vuln:CVE-2025-23951' + tags: cve,wordpress,wp-plugin,hybrid-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hybrid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hybrid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23953-380236a7d19c53aceb9b17593fa922d0.yaml b/nuclei-templates/2025/CVE-2025-23953-380236a7d19c53aceb9b17593fa922d0.yaml new file mode 100644 index 0000000000..5f22b3c9f0 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23953-380236a7d19c53aceb9b17593fa922d0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23953-380236a7d19c53aceb9b17593fa922d0 + +info: + name: > + user files <= 2.4.2 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: critical + description: > + The user files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1672e8fb-900b-4c2a-b9fd-e64dbb1046af?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-23953 + metadata: + fofa-query: "wp-content/plugins/user-files/" + google-query: inurl:"/wp-content/plugins/user-files/" + shodan-query: 'vuln:CVE-2025-23953' + tags: cve,wordpress,wp-plugin,user-files,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23954-c2ca7ddccb2d2783f45d21a70456f10c.yaml b/nuclei-templates/2025/CVE-2025-23954-c2ca7ddccb2d2783f45d21a70456f10c.yaml new file mode 100644 index 0000000000..1263677f28 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23954-c2ca7ddccb2d2783f45d21a70456f10c.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23954-c2ca7ddccb2d2783f45d21a70456f10c + +info: + name: > + Salvador – AI Image Generator <= 1.0.11 - Missing Authorization + author: topscoder + severity: low + description: > + The Salvador – AI Image Generator plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f42c6462-9206-460c-94c0-859306886c88?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23954 + metadata: + fofa-query: "wp-content/plugins/salvador-ai-image-generator/" + google-query: inurl:"/wp-content/plugins/salvador-ai-image-generator/" + shodan-query: 'vuln:CVE-2025-23954' + tags: cve,wordpress,wp-plugin,salvador-ai-image-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salvador-ai-image-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salvador-ai-image-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23955-023b21e0f1bd5c7539a3aa722b4f85d0.yaml b/nuclei-templates/2025/CVE-2025-23955-023b21e0f1bd5c7539a3aa722b4f85d0.yaml new file mode 100644 index 0000000000..82edd7a214 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23955-023b21e0f1bd5c7539a3aa722b4f85d0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23955-023b21e0f1bd5c7539a3aa722b4f85d0 + +info: + name: > + Xola <= 1.6 - Missing Authorization + author: topscoder + severity: low + description: > + The Xola plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b18726-a880-4e06-8f33-77aea7323000?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23955 + metadata: + fofa-query: "wp-content/plugins/xola-bookings-for-tours-activities/" + google-query: inurl:"/wp-content/plugins/xola-bookings-for-tours-activities/" + shodan-query: 'vuln:CVE-2025-23955' + tags: cve,wordpress,wp-plugin,xola-bookings-for-tours-activities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xola-bookings-for-tours-activities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xola-bookings-for-tours-activities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23957-906b5802841c4e4de4ad463b40825e4d.yaml b/nuclei-templates/2025/CVE-2025-23957-906b5802841c4e4de4ad463b40825e4d.yaml new file mode 100644 index 0000000000..4435c7e3cd --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23957-906b5802841c4e4de4ad463b40825e4d.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23957-906b5802841c4e4de4ad463b40825e4d + +info: + name: > + Sur.ly <= 3.0.3 - Missing Authorization + author: topscoder + severity: low + description: > + The Sur.ly plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df7094e5-bccd-471c-8ba1-c8a6b145b957?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23957 + metadata: + fofa-query: "wp-content/plugins/surly/" + google-query: inurl:"/wp-content/plugins/surly/" + shodan-query: 'vuln:CVE-2025-23957' + tags: cve,wordpress,wp-plugin,surly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23961-1debe44dc4a188563104c7afe17e780f.yaml b/nuclei-templates/2025/CVE-2025-23961-1debe44dc4a188563104c7afe17e780f.yaml new file mode 100644 index 0000000000..7cf66f2185 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23961-1debe44dc4a188563104c7afe17e780f.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23961-1debe44dc4a188563104c7afe17e780f + +info: + name: > + WordPress Graphs & Charts <= 2.0.8 - Missing Authorization + author: topscoder + severity: low + description: > + The WordPress Graphs & Charts – Easy Interactive HTML5 Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9580a28-3c75-4e26-a688-204859edf7cb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23961 + metadata: + fofa-query: "wp-content/plugins/graph-lite/" + google-query: inurl:"/wp-content/plugins/graph-lite/" + shodan-query: 'vuln:CVE-2025-23961' + tags: cve,wordpress,wp-plugin,graph-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/graph-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "graph-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23962-d24a453e086e9a51373dcb48e7741341.yaml b/nuclei-templates/2025/CVE-2025-23962-d24a453e086e9a51373dcb48e7741341.yaml new file mode 100644 index 0000000000..4740f63c51 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23962-d24a453e086e9a51373dcb48e7741341.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23962-d24a453e086e9a51373dcb48e7741341 + +info: + name: > + Goldstar <= 2.1.1 - Missing Authorization + author: topscoder + severity: low + description: > + The Goldstar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf0871e7-7dc4-4acb-868f-7dc32016582e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23962 + metadata: + fofa-query: "wp-content/plugins/goldstar/" + google-query: inurl:"/wp-content/plugins/goldstar/" + shodan-query: 'vuln:CVE-2025-23962' + tags: cve,wordpress,wp-plugin,goldstar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goldstar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goldstar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23963-1b9775a533469e61d3916150b9233108.yaml b/nuclei-templates/2025/CVE-2025-23963-1b9775a533469e61d3916150b9233108.yaml new file mode 100644 index 0000000000..6e2c9a19fb --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23963-1b9775a533469e61d3916150b9233108.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23963-1b9775a533469e61d3916150b9233108 + +info: + name: > + Mark Posts <= 2.2.4 - Missing Authorization + author: topscoder + severity: low + description: > + The Mark Posts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2008df3e-29d2-4d64-b850-c83c2a6a9996?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23963 + metadata: + fofa-query: "wp-content/plugins/mark-posts/" + google-query: inurl:"/wp-content/plugins/mark-posts/" + shodan-query: 'vuln:CVE-2025-23963' + tags: cve,wordpress,wp-plugin,mark-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mark-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mark-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23965-a1d0de98d01958f2af3cdaeea6a39def.yaml b/nuclei-templates/2025/CVE-2025-23965-a1d0de98d01958f2af3cdaeea6a39def.yaml new file mode 100644 index 0000000000..0e66996014 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23965-a1d0de98d01958f2af3cdaeea6a39def.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23965-a1d0de98d01958f2af3cdaeea6a39def + +info: + name: > + Kopa Nictitate Toolkit <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Kopa Nictitate Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61a643d6-30db-4b9c-98b3-514b616fbd35?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23965 + metadata: + fofa-query: "wp-content/plugins/kopa-nictitate-toolkit/" + google-query: inurl:"/wp-content/plugins/kopa-nictitate-toolkit/" + shodan-query: 'vuln:CVE-2025-23965' + tags: cve,wordpress,wp-plugin,kopa-nictitate-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kopa-nictitate-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kopa-nictitate-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23976-ccc517d321d0cfafec22f1c4d50c03bb.yaml b/nuclei-templates/2025/CVE-2025-23976-ccc517d321d0cfafec22f1c4d50c03bb.yaml new file mode 100644 index 0000000000..e56ae91e4f 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23976-ccc517d321d0cfafec22f1c4d50c03bb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23976-ccc517d321d0cfafec22f1c4d50c03bb + +info: + name: > + Issuu Panel <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Issuu Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8de3b45c-e0f2-48a6-a7b3-207981161691?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23976 + metadata: + fofa-query: "wp-content/plugins/issuu-panel/" + google-query: inurl:"/wp-content/plugins/issuu-panel/" + shodan-query: 'vuln:CVE-2025-23976' + tags: cve,wordpress,wp-plugin,issuu-panel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/issuu-panel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "issuu-panel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23977-d2a19cc1c1afe7d10e1b610e7910c82a.yaml b/nuclei-templates/2025/CVE-2025-23977-d2a19cc1c1afe7d10e1b610e7910c82a.yaml new file mode 100644 index 0000000000..2a01af0bd1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23977-d2a19cc1c1afe7d10e1b610e7910c82a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23977-d2a19cc1c1afe7d10e1b610e7910c82a + +info: + name: > + Post Carousel Slider <= 2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Post Carousel Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4faf5d1f-604d-4174-8b83-8779cc83ac4c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23977 + metadata: + fofa-query: "wp-content/plugins/post-carousel-slider/" + google-query: inurl:"/wp-content/plugins/post-carousel-slider/" + shodan-query: 'vuln:CVE-2025-23977' + tags: cve,wordpress,wp-plugin,post-carousel-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-carousel-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-carousel-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file 
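Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, so the body that satisfies the `Stable tag:` extractor and the `post-carousel-slider` word matcher may not come from the target being reported. Restricting redirects to the original host keeps the finding attributable: replace `redirects: true` with `host-redirects: true`. Every template in this part of the diff uses the same request block.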
diff --git a/nuclei-templates/2025/CVE-2025-23978-28525dde9782c3e73e13602504ee8d33.yaml b/nuclei-templates/2025/CVE-2025-23978-28525dde9782c3e73e13602504ee8d33.yaml new file mode 100644 index 0000000000..0c580cdde5 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23978-28525dde9782c3e73e13602504ee8d33.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23978-28525dde9782c3e73e13602504ee8d33 + +info: + name: > + FlashCounter <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The FlashCounter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a077f41-ff1d-4c86-8f39-5e2f795abc3e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23978 + metadata: + fofa-query: "wp-content/plugins/flashcounter/" + google-query: inurl:"/wp-content/plugins/flashcounter/" + shodan-query: 'vuln:CVE-2025-23978' + tags: cve,wordpress,wp-plugin,flashcounter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flashcounter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flashcounter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23979-f0990a333e50dcf358575155aaf6e3f0.yaml b/nuclei-templates/2025/CVE-2025-23979-f0990a333e50dcf358575155aaf6e3f0.yaml new file mode 100644 index 0000000000..1c6e81ac3f --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23979-f0990a333e50dcf358575155aaf6e3f0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23979-f0990a333e50dcf358575155aaf6e3f0 + +info: + name: > + flashy <= 1.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The flashy theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/323fde5c-5b63-462d-ae8b-8414ef0f36f3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23979 + metadata: + fofa-query: "wp-content/themes/flashy/" + google-query: inurl:"/wp-content/themes/flashy/" + shodan-query: 'vuln:CVE-2025-23979' + tags: cve,wordpress,wp-theme,flashy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/flashy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flashy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23980-20cc62631bdeb2aa1661aac8c688336f.yaml b/nuclei-templates/2025/CVE-2025-23980-20cc62631bdeb2aa1661aac8c688336f.yaml new file mode 100644 index 0000000000..e9784b336b --- /dev/null 
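Review bot: The word matcher `- "flashy"` accepts the slug anywhere in the body and the extractor accepts any `Version:` line, so any 200 response that happens to contain both passes, not only this theme's `style.css` header. Tying the check to the stylesheet header narrows it, for example listing `- "Theme Name:"` next to `- "flashy"` under `words:` and adding `condition: and` to that matcher. Word matching is case-sensitive unless `case-insensitive: true` is set, so it is also worth checking that the lower-case slug really occurs in the shipped header. The other theme templates here (CVE-2025-23981, -23983, -23986, -23988, -23995) share the pattern.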
+++ b/nuclei-templates/2025/CVE-2025-23980-20cc62631bdeb2aa1661aac8c688336f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23980-20cc62631bdeb2aa1661aac8c688336f + +info: + name: > + Full Circle <= 0.5.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Full Circle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.7.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad306c2b-5fc7-49c2-9ee0-777c7e6014e5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23980 + metadata: + fofa-query: "wp-content/plugins/full-circle/" + google-query: inurl:"/wp-content/plugins/full-circle/" + shodan-query: 'vuln:CVE-2025-23980' + tags: cve,wordpress,wp-plugin,full-circle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/full-circle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-circle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.7.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23981-0d2c14258f39daf66332b3772289bcb1.yaml b/nuclei-templates/2025/CVE-2025-23981-0d2c14258f39daf66332b3772289bcb1.yaml new file mode 100644 index 0000000000..1f2b88869c --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23981-0d2c14258f39daf66332b3772289bcb1.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23981-0d2c14258f39daf66332b3772289bcb1 + +info: + name: > + CarZine <= 1.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The CarZine theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90c88379-e87f-4c32-af2b-83704cb14e29?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23981 + metadata: + fofa-query: "wp-content/themes/carzine/" + google-query: inurl:"/wp-content/themes/carzine/" + shodan-query: 'vuln:CVE-2025-23981' + tags: cve,wordpress,wp-theme,carzine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/carzine/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carzine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23982-13da12bb1626362a3edb87f1879325de.yaml b/nuclei-templates/2025/CVE-2025-23982-13da12bb1626362a3edb87f1879325de.yaml new file mode 100644 index 0000000000..f26d72eb87 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23982-13da12bb1626362a3edb87f1879325de.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23982-13da12bb1626362a3edb87f1879325de + +info: + name: > + Fare Calculator <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Fare Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/136dabc7-7120-47ed-9b70-d2eae13819c0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23982 + metadata: + fofa-query: "wp-content/plugins/fare-calculator/" + google-query: inurl:"/wp-content/plugins/fare-calculator/" + shodan-query: 'vuln:CVE-2025-23982' + tags: cve,wordpress,wp-plugin,fare-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fare-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fare-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23983-3ab54cc9d73372b854d5dd21bb60456e.yaml b/nuclei-templates/2025/CVE-2025-23983-3ab54cc9d73372b854d5dd21bb60456e.yaml new file mode 100644 index 0000000000..5c61f0acce --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23983-3ab54cc9d73372b854d5dd21bb60456e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23983-3ab54cc9d73372b854d5dd21bb60456e + +info: + name: > + Tijaji <= 1.43 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Tijaji theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/209e229f-2a96-4088-b84a-2ac1cd764081?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23983 + metadata: + fofa-query: "wp-content/themes/tijaji/" + google-query: inurl:"/wp-content/themes/tijaji/" + shodan-query: 'vuln:CVE-2025-23983' + tags: cve,wordpress,wp-theme,tijaji,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/tijaji/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tijaji" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23985-d329125047da92d72b48d67ee8c636cb.yaml b/nuclei-templates/2025/CVE-2025-23985-d329125047da92d72b48d67ee8c636cb.yaml new file mode 100644 index 0000000000..b1acbeae80 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23985-d329125047da92d72b48d67ee8c636cb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23985-d329125047da92d72b48d67ee8c636cb + +info: + name: > + Dynamic URL SEO <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Dynamic URL SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82d725a7-f4a8-4473-874b-496852a352cc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23985 + metadata: + fofa-query: "wp-content/plugins/dynamic-url-seo/" + google-query: inurl:"/wp-content/plugins/dynamic-url-seo/" + shodan-query: 'vuln:CVE-2025-23985' + tags: cve,wordpress,wp-plugin,dynamic-url-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-url-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-url-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23986-9408457aa8112a3f82a422ad3065a3d0.yaml b/nuclei-templates/2025/CVE-2025-23986-9408457aa8112a3f82a422ad3065a3d0.yaml new file mode 100644 index 0000000000..5f47459525 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23986-9408457aa8112a3f82a422ad3065a3d0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23986-9408457aa8112a3f82a422ad3065a3d0 + +info: + name: > + Tiki Time <= 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Tiki Time theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef0866ea-1edd-4d45-b3b9-75a0244e8951?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23986 + metadata: + fofa-query: "wp-content/themes/tiki-time/" + google-query: inurl:"/wp-content/themes/tiki-time/" + shodan-query: 'vuln:CVE-2025-23986' + tags: cve,wordpress,wp-theme,tiki-time,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/tiki-time/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiki-time" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23987-82bc6f71a07e6f11bea1a27c860ce176.yaml b/nuclei-templates/2025/CVE-2025-23987-82bc6f71a07e6f11bea1a27c860ce176.yaml new file mode 100644 index 0000000000..c455c4b37b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23987-82bc6f71a07e6f11bea1a27c860ce176.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23987-82bc6f71a07e6f11bea1a27c860ce176 + +info: + name: > + Designer <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6c3c72d-d2ee-45be-9958-91301a04ee8e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-23987 + metadata: + fofa-query: "wp-content/plugins/designer/" + google-query: inurl:"/wp-content/plugins/designer/" + shodan-query: 'vuln:CVE-2025-23987' + tags: cve,wordpress,wp-plugin,designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file 
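Review bot: `severity: low` and the trailing `low` in `tags:` disagree with `cvss-score: 6.4` in the same `info` block, which falls in the CVSS 3.1 medium band (4.0–6.9). Scans filtered by severity would then leave this template out of a medium-and-above run. Unless the lower rating is deliberate, use `severity: medium` and `tags: cve,wordpress,wp-plugin,designer,medium`. The CVE-2025-23991 template has the same mismatch (`severity: low` with `cvss-score: 4.3`), while CVE-2025-23985 rates the same 4.3 score as medium.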
diff --git a/nuclei-templates/2025/CVE-2025-23988-01c99a40cc6a1540e5790c71ed0106ab.yaml b/nuclei-templates/2025/CVE-2025-23988-01c99a40cc6a1540e5790c71ed0106ab.yaml new file mode 100644 index 0000000000..389a3f4916 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23988-01c99a40cc6a1540e5790c71ed0106ab.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23988-01c99a40cc6a1540e5790c71ed0106ab + +info: + name: > + Ghostwriter <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Ghostwriter theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c86a625-9c2f-4e17-938b-82766783384e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23988 + metadata: + fofa-query: "wp-content/themes/ghostwriter/" + google-query: inurl:"/wp-content/themes/ghostwriter/" + shodan-query: 'vuln:CVE-2025-23988' + tags: cve,wordpress,wp-theme,ghostwriter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ghostwriter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ghostwriter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23989-4cf282ce7347513e5000b167e37c086c.yaml b/nuclei-templates/2025/CVE-2025-23989-4cf282ce7347513e5000b167e37c086c.yaml new file mode 100644 index 0000000000..948a571d46 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23989-4cf282ce7347513e5000b167e37c086c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23989-4cf282ce7347513e5000b167e37c086c + +info: + name: > + Internal Link Builder <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Internal Link Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1d2883-59d4-49c8-9a02-cf61c78df7a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23989 + metadata: + fofa-query: "wp-content/plugins/internal-link-builder/" + google-query: inurl:"/wp-content/plugins/internal-link-builder/" + shodan-query: 'vuln:CVE-2025-23989' + tags: cve,wordpress,wp-plugin,internal-link-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/internal-link-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "internal-link-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23990-a5712f5c8664cbbf54b64a261f2ea5a0.yaml b/nuclei-templates/2025/CVE-2025-23990-a5712f5c8664cbbf54b64a261f2ea5a0.yaml new file mode 100644 index 0000000000..d959284692 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-23990-a5712f5c8664cbbf54b64a261f2ea5a0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-23990-a5712f5c8664cbbf54b64a261f2ea5a0 + +info: + name: > + Scroll Styler <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Scroll Styler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfb6e263-efcc-4ecb-8c9a-91f73f82b55a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-23990 + metadata: + fofa-query: "wp-content/plugins/scroll-styler/" + google-query: inurl:"/wp-content/plugins/scroll-styler/" + shodan-query: 'vuln:CVE-2025-23990' + tags: cve,wordpress,wp-plugin,scroll-styler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-styler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-styler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-23991-e45cfffe18cb5c86cf93ccccd72698a6.yaml b/nuclei-templates/2025/CVE-2025-23991-e45cfffe18cb5c86cf93ccccd72698a6.yaml new file mode 100644 index 0000000000..764fd3d13d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-23991-e45cfffe18cb5c86cf93ccccd72698a6.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-23991-e45cfffe18cb5c86cf93ccccd72698a6 + +info: + name: > + Product Size Charts Plugin for WooCommerce <= 2.4.5 - Missing Authorization + author: topscoder + severity: low + description: > + The Product Size Charts Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73f37502-6e11-4fba-802f-9b15ea9064ab?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-23991 + metadata: + fofa-query: "wp-content/plugins/woo-advanced-product-size-chart/" + google-query: inurl:"/wp-content/plugins/woo-advanced-product-size-chart/" + shodan-query: 'vuln:CVE-2025-23991' + tags: cve,wordpress,wp-plugin,woo-advanced-product-size-chart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advanced-product-size-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advanced-product-size-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-23994-d94014176fdf7856c7c90e6d0153ebc0.yaml b/nuclei-templates/2025/CVE-2025-23994-d94014176fdf7856c7c90e6d0153ebc0.yaml
new file mode 100644
index 0000000000..6895903a8b
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23994-d94014176fdf7856c7c90e6d0153ebc0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23994-d94014176fdf7856c7c90e6d0153ebc0
+
+info:
+ name: >
+ Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/51b7c8f3-3d55-44c9-896c-c3ae19f15a34?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23994
+ metadata:
+ fofa-query: "wp-content/plugins/estatebud-properties-listings/"
+ google-query: inurl:"/wp-content/plugins/estatebud-properties-listings/"
+ shodan-query: 'vuln:CVE-2025-23994'
+ tags: cve,wordpress,wp-plugin,estatebud-properties-listings,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/estatebud-properties-listings/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "estatebud-properties-listings"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.5.0')
\ No newline at end of file
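Review bot: `redirects: true` with `max-redirects: 3` lets the readme.txt request follow a redirect to a different host, so the `Stable tag` that satisfies the matchers can come from a site other than the one being scanned, and the finding is then recorded against the wrong asset. Using `host-redirects: true` in place of `redirects: true` keeps the request on the scanned host while still following same-host redirects. Every template added in this part of the diff carries the same two lines.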
diff --git a/nuclei-templates/2025/CVE-2025-23995-687799ae25586bbffae48b42e433bd39.yaml b/nuclei-templates/2025/CVE-2025-23995-687799ae25586bbffae48b42e433bd39.yaml
new file mode 100644
index 0000000000..96e8250290
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23995-687799ae25586bbffae48b42e433bd39.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23995-687799ae25586bbffae48b42e433bd39
+
+info:
+ name: >
+ Tantyyellow <= 1.0.0.5 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Tantyyellow theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/15f2c277-45ba-40a8-8123-17e23afbf68b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23995
+ metadata:
+ fofa-query: "wp-content/themes/tantyyellow/"
+ google-query: inurl:"/wp-content/themes/tantyyellow/"
+ shodan-query: 'vuln:CVE-2025-23995'
+ tags: cve,wordpress,wp-theme,tantyyellow,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/tantyyellow/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tantyyellow"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0.5')
\ No newline at end of file
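Review bot: The extractor regex `(?mi)Version: ([0-9.]+)` is not anchored, so in style.css it takes the first `Version: ` that occurs anywhere in the file, which need not be the theme header, and it misses a header written with a tab or more than one space after the colon. Anchoring it to the layout of a header line, `- '(?mi)^[ \t/*#@]*Version:[ \t]*([0-9.]+)'` in both extractors, ties the compared value to the header field; the single quotes keep the backslashes literal in YAML. CVE-2025-23998 uses the same pattern against its style.css.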
diff --git a/nuclei-templates/2025/CVE-2025-23996-22106942684177c51b2fced3ae212e5c.yaml b/nuclei-templates/2025/CVE-2025-23996-22106942684177c51b2fced3ae212e5c.yaml
new file mode 100644
index 0000000000..2e6e2e6d4f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23996-22106942684177c51b2fced3ae212e5c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23996-22106942684177c51b2fced3ae212e5c
+
+info:
+ name: >
+ AnyRoad <= 1.3.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The AnyRoad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfa14214-26a9-4422-9d96-5357b4eed44f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-23996
+ metadata:
+ fofa-query: "wp-content/plugins/anyguide/"
+ google-query: inurl:"/wp-content/plugins/anyguide/"
+ shodan-query: 'vuln:CVE-2025-23996'
+ tags: cve,wordpress,wp-plugin,anyguide,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/anyguide/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "anyguide"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
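Review bot: The match rests only on the `Stable tag` field of readme.txt, which the DSL compares with `<= 1.3.2`; that field is maintained by hand, may read `trunk` or lag behind the installed code, and says nothing about whether the function lacking nonce validation is reachable, so a hit is a version inference rather than a confirmed finding. Nothing in the template tells the person triaging the result about that. I would add a comment above `matchers:` such as `# Version inference from readme.txt "Stable tag" only; confirm the installed plugin version before acting on a match.` The other plugin templates in this part of the diff are built the same way.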
diff --git a/nuclei-templates/2025/CVE-2025-23997-840fb8056124c9020fe935312589c93c.yaml b/nuclei-templates/2025/CVE-2025-23997-840fb8056124c9020fe935312589c93c.yaml
new file mode 100644
index 0000000000..57cc54c987
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23997-840fb8056124c9020fe935312589c93c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23997-840fb8056124c9020fe935312589c93c
+
+info:
+ name: >
+ Tamara Checkout <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Tamara Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/16ac3161-c539-4cc2-9535-d4a21690a7da?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-23997
+ metadata:
+ fofa-query: "wp-content/plugins/tamara-checkout/"
+ google-query: inurl:"/wp-content/plugins/tamara-checkout/"
+ shodan-query: 'vuln:CVE-2025-23997'
+ tags: cve,wordpress,wp-plugin,tamara-checkout,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tamara-checkout/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tamara-checkout"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-23998-c08c6a7231b1b900aa6c2ab2d9e96d73.yaml b/nuclei-templates/2025/CVE-2025-23998-c08c6a7231b1b900aa6c2ab2d9e96d73.yaml
new file mode 100644
index 0000000000..07b8dfd3df
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-23998-c08c6a7231b1b900aa6c2ab2d9e96d73.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-23998-c08c6a7231b1b900aa6c2ab2d9e96d73
+
+info:
+ name: >
+ UltraLight <= 1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The UltraLight theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/80a5fac0-9f85-4de1-9c15-51e9bd65e47b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-23998
+ metadata:
+ fofa-query: "wp-content/themes/the-ultralight/"
+ google-query: inurl:"/wp-content/themes/the-ultralight/"
+ shodan-query: 'vuln:CVE-2025-23998'
+ tags: cve,wordpress,wp-theme,the-ultralight,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/the-ultralight/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "the-ultralight"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24001-6134a2aa1016c0fc42db4db10f09ff36.yaml b/nuclei-templates/2025/CVE-2025-24001-6134a2aa1016c0fc42db4db10f09ff36.yaml
new file mode 100644
index 0000000000..5a1bbb502d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24001-6134a2aa1016c0fc42db4db10f09ff36.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24001-6134a2aa1016c0fc42db4db10f09ff36
+
+info:
+ name: >
+ PPO Call To Actions <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The PPO Call To Actions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a323ccb8-c461-4203-a590-3785594b90f5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24001
+ metadata:
+ fofa-query: "wp-content/plugins/ppo-call-to-actions/"
+ google-query: inurl:"/wp-content/plugins/ppo-call-to-actions/"
+ shodan-query: 'vuln:CVE-2025-24001'
+ tags: cve,wordpress,wp-plugin,ppo-call-to-actions,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ppo-call-to-actions/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ppo-call-to-actions"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.1.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24542-41aec42b3f018ca3e8f03f974956100b.yaml b/nuclei-templates/2025/CVE-2025-24542-41aec42b3f018ca3e8f03f974956100b.yaml
new file mode 100644
index 0000000000..a7889d49ac
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24542-41aec42b3f018ca3e8f03f974956100b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24542-41aec42b3f018ca3e8f03f974956100b
+
+info:
+ name: >
+ Icegram <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Icegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d4ecdfd-3970-4b87-831b-82bfb5a3c390?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-24542
+ metadata:
+ fofa-query: "wp-content/plugins/icegram/"
+ google-query: inurl:"/wp-content/plugins/icegram/"
+ shodan-query: 'vuln:CVE-2025-24542'
+ tags: cve,wordpress,wp-plugin,icegram,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "icegram"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.31')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24546-931f58cfb90dafff2a390e6eb83e7f05.yaml b/nuclei-templates/2025/CVE-2025-24546-931f58cfb90dafff2a390e6eb83e7f05.yaml
new file mode 100644
index 0000000000..d9f98647df
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24546-931f58cfb90dafff2a390e6eb83e7f05.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24546-931f58cfb90dafff2a390e6eb83e7f05
+
+info:
+ name: >
+ Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c51613d-8856-4988-85f0-6405b08bc1e0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24546
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-coming-soon/"
+ google-query: inurl:"/wp-content/plugins/ultimate-coming-soon/"
+ shodan-query: 'vuln:CVE-2025-24546'
+ tags: cve,wordpress,wp-plugin,ultimate-coming-soon,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-coming-soon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-coming-soon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24547-afad2733aba9d03b02c80e925ae3cba7.yaml b/nuclei-templates/2025/CVE-2025-24547-afad2733aba9d03b02c80e925ae3cba7.yaml
new file mode 100644
index 0000000000..9a15aec149
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24547-afad2733aba9d03b02c80e925ae3cba7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24547-afad2733aba9d03b02c80e925ae3cba7
+
+info:
+ name: >
+ Caching Compatible Cookie Opt-In and JavaScript <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Caching Compatible Cookie Opt-In and JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/42b682be-1a60-449d-8c92-72bd1c3abfd6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-24547
+ metadata:
+ fofa-query: "wp-content/plugins/caching-compatible-cookie-optin-and-javascript/"
+ google-query: inurl:"/wp-content/plugins/caching-compatible-cookie-optin-and-javascript/"
+ shodan-query: 'vuln:CVE-2025-24547'
+ tags: cve,wordpress,wp-plugin,caching-compatible-cookie-optin-and-javascript,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/caching-compatible-cookie-optin-and-javascript/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "caching-compatible-cookie-optin-and-javascript"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.10')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24552-2d2f104c2982e4696be9d8de743888d3.yaml b/nuclei-templates/2025/CVE-2025-24552-2d2f104c2982e4696be9d8de743888d3.yaml
new file mode 100644
index 0000000000..7ab30234fa
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24552-2d2f104c2982e4696be9d8de743888d3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24552-2d2f104c2982e4696be9d8de743888d3
+
+info:
+ name: >
+ Paytium <= 4.4.11 - Unauthenticated Full Path Disclosure
+ author: topscoder
+ severity: medium
+ description: >
+ The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.4.11. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39adc110-dd99-4447-9d72-2f78e7ebd2cf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-24552
+ metadata:
+ fofa-query: "wp-content/plugins/paytium/"
+ google-query: inurl:"/wp-content/plugins/paytium/"
+ shodan-query: 'vuln:CVE-2025-24552'
+ tags: cve,wordpress,wp-plugin,paytium,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/paytium/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "paytium"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.4.11')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24555-8ec9ae14644049de1a8747de06667a5c.yaml b/nuclei-templates/2025/CVE-2025-24555-8ec9ae14644049de1a8747de06667a5c.yaml
new file mode 100644
index 0000000000..c9ff31a39e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24555-8ec9ae14644049de1a8747de06667a5c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24555-8ec9ae14644049de1a8747de06667a5c
+
+info:
+ name: >
+ Subscription DNA <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Subscription DNA® plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/19e8d0a3-56b1-4d4a-ad49-f28707d3b037?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24555
+ metadata:
+ fofa-query: "wp-content/plugins/subscriptiondna/"
+ google-query: inurl:"/wp-content/plugins/subscriptiondna/"
+ shodan-query: 'vuln:CVE-2025-24555'
+ tags: cve,wordpress,wp-plugin,subscriptiondna,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/subscriptiondna/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "subscriptiondna"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24561-d5282a50cd372948cb64222b2281d0de.yaml b/nuclei-templates/2025/CVE-2025-24561-d5282a50cd372948cb64222b2281d0de.yaml
new file mode 100644
index 0000000000..e5f9421bef
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24561-d5282a50cd372948cb64222b2281d0de.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24561-d5282a50cd372948cb64222b2281d0de
+
+info:
+ name: >
+ ReviewsTap <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ReviewsTap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f64fd871-d9fd-446a-b59a-0c4d8b23c9f1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24561
+ metadata:
+ fofa-query: "wp-content/plugins/reviewstap/"
+ google-query: inurl:"/wp-content/plugins/reviewstap/"
+ shodan-query: 'vuln:CVE-2025-24561'
+ tags: cve,wordpress,wp-plugin,reviewstap,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/reviewstap/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "reviewstap"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24562-aa76450e184e5b55dde599c14df922b8.yaml b/nuclei-templates/2025/CVE-2025-24562-aa76450e184e5b55dde599c14df922b8.yaml
new file mode 100644
index 0000000000..0da132f20a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24562-aa76450e184e5b55dde599c14df922b8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24562-aa76450e184e5b55dde599c14df922b8
+
+info:
+ name: >
+ KBucket <= 4.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The KBucket: Your Curated Content in WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc09b436-fa3d-4ed0-8b99-e14234332521?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24562
+ metadata:
+ fofa-query: "wp-content/plugins/kbucket/"
+ google-query: inurl:"/wp-content/plugins/kbucket/"
+ shodan-query: 'vuln:CVE-2025-24562'
+ tags: cve,wordpress,wp-plugin,kbucket,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kbucket/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kbucket"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24568-e26083afc2b01500b1c4ce30e9d4be33.yaml b/nuclei-templates/2025/CVE-2025-24568-e26083afc2b01500b1c4ce30e9d4be33.yaml
new file mode 100644
index 0000000000..9ac0f792fb
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24568-e26083afc2b01500b1c4ce30e9d4be33.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24568-e26083afc2b01500b1c4ce30e9d4be33
+
+info:
+ name: >
+ Starter Templates <= 4.4.9 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Starter Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/014392ee-4b24-4b81-954e-fc87727436ab?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24568
+ metadata:
+ fofa-query: "wp-content/plugins/astra-sites/"
+ google-query: inurl:"/wp-content/plugins/astra-sites/"
+ shodan-query: 'vuln:CVE-2025-24568'
+ tags: cve,wordpress,wp-plugin,astra-sites,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "astra-sites"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.4.9')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24570-35b51000062539a38319adf06d23d524.yaml b/nuclei-templates/2025/CVE-2025-24570-35b51000062539a38319adf06d23d524.yaml
new file mode 100644
index 0000000000..c6b8a1437e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24570-35b51000062539a38319adf06d23d524.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24570-35b51000062539a38319adf06d23d524
+
+info:
+ name: >
+ Atarim <= 4.0.8 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/afbfef8e-cdea-4ca0-bd28-08cc30eeec6e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2025-24570
+ metadata:
+ fofa-query: "wp-content/plugins/atarim-visual-collaboration/"
+ google-query: inurl:"/wp-content/plugins/atarim-visual-collaboration/"
+ shodan-query: 'vuln:CVE-2025-24570'
+ tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/atarim-visual-collaboration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "atarim-visual-collaboration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24571-8aa2a16e497c0b0de387c5ac6e92c25e.yaml b/nuclei-templates/2025/CVE-2025-24571-8aa2a16e497c0b0de387c5ac6e92c25e.yaml
new file mode 100644
index 0000000000..4b159791e6
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24571-8aa2a16e497c0b0de387c5ac6e92c25e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24571-8aa2a16e497c0b0de387c5ac6e92c25e
+
+info:
+ name: >
+ WP Fast Total Search <= 1.78.258 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The WP Fast Total Search – The Power of Indexed Search plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.78.258. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/13aa1288-257a-417e-aad8-86075c9b9abe?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24571
+ metadata:
+ fofa-query: "wp-content/plugins/fulltext-search/"
+ google-query: inurl:"/wp-content/plugins/fulltext-search/"
+ shodan-query: 'vuln:CVE-2025-24571'
+ tags: cve,wordpress,wp-plugin,fulltext-search,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fulltext-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fulltext-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.78.258')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24572-43259c66c135dd00a72a29fd207a38d1.yaml b/nuclei-templates/2025/CVE-2025-24572-43259c66c135dd00a72a29fd207a38d1.yaml new file mode 100644 index 0000000000..17eed97513 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24572-43259c66c135dd00a72a29fd207a38d1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24572-43259c66c135dd00a72a29fd207a38d1 + +info: + name: > + WP Fast Total Search <= 1.78.258 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The WP Fast Total Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.78.258. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97f96f18-3296-4e9b-adae-a073da520778?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24572 + metadata: + fofa-query: "wp-content/plugins/fulltext-search/" + google-query: inurl:"/wp-content/plugins/fulltext-search/" + shodan-query: 'vuln:CVE-2025-24572' + tags: cve,wordpress,wp-plugin,fulltext-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fulltext-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fulltext-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.78.258') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24573-74b1b9e3d8d848ea225200775afadb71.yaml b/nuclei-templates/2025/CVE-2025-24573-74b1b9e3d8d848ea225200775afadb71.yaml new file mode 100644 index 0000000000..1877a84be6 --- /dev/null 
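Review bot: `redirects: true` with `max-redirects: 3` in the `http` block allows the readme request to follow a redirect to a different host, so the `Stable tag` value that is extracted and compared may come from another site while the result is attributed to the scanned target. Using `host-redirects: true` in place of `redirects: true` limits following to the same host and keeps the version evidence tied to the system under test. The same request settings are used in every template added by this commit.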
+++ b/nuclei-templates/2025/CVE-2025-24573-74b1b9e3d8d848ea225200775afadb71.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24573-74b1b9e3d8d848ea225200775afadb71 + +info: + name: > + PageLayer <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d9f7832-3dff-4cb8-a6be-a16449164363?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24573 + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:CVE-2025-24573' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24575-0502f98fe81ee0951e11367ed647c988.yaml b/nuclei-templates/2025/CVE-2025-24575-0502f98fe81ee0951e11367ed647c988.yaml new file mode 100644 index 0000000000..4d448d62c2 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24575-0502f98fe81ee0951e11367ed647c988.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24575-0502f98fe81ee0951e11367ed647c988 + +info: + name: > + HelloAsso <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The HelloAsso plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37afe2eb-0671-4dba-babc-f0b286dcb84f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24575 + metadata: + fofa-query: "wp-content/plugins/helloasso/" + google-query: inurl:"/wp-content/plugins/helloasso/" + shodan-query: 'vuln:CVE-2025-24575' + tags: cve,wordpress,wp-plugin,helloasso,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helloasso/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helloasso" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24578-4e971704564965511a72b9d59968b0ae.yaml b/nuclei-templates/2025/CVE-2025-24578-4e971704564965511a72b9d59968b0ae.yaml new file mode 100644 index 0000000000..4803888c27 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24578-4e971704564965511a72b9d59968b0ae.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24578-4e971704564965511a72b9d59968b0ae + +info: + name: > + ElementInvader Addons for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d84797c7-f1fc-4222-aa75-5b44ef96a4a6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24578 + metadata: + fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-24578' + tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementinvader-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24579-1675a327150fb57a49933b3bb2a90d3e.yaml b/nuclei-templates/2025/CVE-2025-24579-1675a327150fb57a49933b3bb2a90d3e.yaml new file mode 100644 index 0000000000..6b2a7214bf --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24579-1675a327150fb57a49933b3bb2a90d3e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24579-1675a327150fb57a49933b3bb2a90d3e + +info: + name: > + Nested Pages <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Nested Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8b87b01-e445-4372-b687-6e0b54de66d3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24579 + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:CVE-2025-24579' + tags: cve,wordpress,wp-plugin,wp-nested-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file 
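Review bot: The matchers decide on the readme version alone, while the description says the issue needs administrator-level access and only affects multi-site installations and installations where `unfiltered_html` has been disabled, so a match means "version in the affected range" rather than "exposed". Nothing in the template tells the person triaging the result about that limit. I would add a comment above `http:` such as `# Version fingerprint only: cannot confirm multisite or unfiltered_html state; verify before escalating.` and consider `verified: false` under `metadata`.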
diff --git a/nuclei-templates/2025/CVE-2025-24580-1cface937a35f169da9779be3d0eb8fa.yaml b/nuclei-templates/2025/CVE-2025-24580-1cface937a35f169da9779be3d0eb8fa.yaml new file mode 100644 index 0000000000..09e9ac4174 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24580-1cface937a35f169da9779be3d0eb8fa.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24580-1cface937a35f169da9779be3d0eb8fa + +info: + name: > + 12 Step Meeting List <= 3.16.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion + author: topscoder + severity: low + description: > + The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wp_ajax_tsml_delete() function in all versions up to, and including, 3.16.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete all meeting data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d504c2bd-d6a8-4a66-a650-4a18cb32c54a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24580 + metadata: + fofa-query: "wp-content/plugins/12-step-meeting-list/" + google-query: inurl:"/wp-content/plugins/12-step-meeting-list/" + shodan-query: 'vuln:CVE-2025-24580' + tags: cve,wordpress,wp-plugin,12-step-meeting-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/12-step-meeting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "12-step-meeting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24582-38c9fa9f92805b0d8662d8c1c76d88f3.yaml b/nuclei-templates/2025/CVE-2025-24582-38c9fa9f92805b0d8662d8c1c76d88f3.yaml new file mode 100644 index 0000000000..105464da57 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24582-38c9fa9f92805b0d8662d8c1c76d88f3.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24582-38c9fa9f92805b0d8662d8c1c76d88f3 + +info: + name: > + 12 Step Meeting List <= 3.16.5 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: medium + description: > + The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f34d3b-ed55-48d1-9074-b33f166e333e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24582 + metadata: + fofa-query: "wp-content/plugins/12-step-meeting-list/" + google-query: inurl:"/wp-content/plugins/12-step-meeting-list/" + shodan-query: 'vuln:CVE-2025-24582' + tags: cve,wordpress,wp-plugin,12-step-meeting-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/12-step-meeting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "12-step-meeting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24585-d3a8e8bd59ab4a3e8f41f5074e510064.yaml b/nuclei-templates/2025/CVE-2025-24585-d3a8e8bd59ab4a3e8f41f5074e510064.yaml new file mode 100644 index 0000000000..0020d34983 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24585-d3a8e8bd59ab4a3e8f41f5074e510064.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24585-d3a8e8bd59ab4a3e8f41f5074e510064 + +info: + name: > + Event post <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be9e498b-acad-4909-87c0-e8693af15108?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24585 + metadata: + fofa-query: "wp-content/plugins/event-post/" + google-query: inurl:"/wp-content/plugins/event-post/" + shodan-query: 'vuln:CVE-2025-24585' + tags: cve,wordpress,wp-plugin,event-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24587-17a2e6d37c2e654bacc6ef89d295d3bf.yaml b/nuclei-templates/2025/CVE-2025-24587-17a2e6d37c2e654bacc6ef89d295d3bf.yaml new file mode 100644 index 0000000000..c35b330fbc --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24587-17a2e6d37c2e654bacc6ef89d295d3bf.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24587-17a2e6d37c2e654bacc6ef89d295d3bf + +info: + name: > + Email Subscription Popup <= 1.2.23 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The Email Subscription Popup plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e4ab6c3-fa9a-4643-aaf5-eabbdf909f9f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-24587 + metadata: + fofa-query: "wp-content/plugins/email-subscribe/" + google-query: inurl:"/wp-content/plugins/email-subscribe/" + shodan-query: 'vuln:CVE-2025-24587' + tags: cve,wordpress,wp-plugin,email-subscribe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.23') \ No newline at end of file 
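Review bot: The `word` matcher requires the directory slug `email-subscribe` to appear in the body of `readme.txt`, but the plugin's display name is "Email Subscription Popup" and nothing guarantees that a readme mentions its own slug; with `matchers-condition: and`, a readme without it gives a silent false negative even when the version is in range. Adding the display name as a second entry under `words` (entries are OR-ed by default), for example `- "Email Subscription Popup"`, would make the check less brittle. The same slug-versus-name gap looks likely in CVE-2025-24571 and -24572 (`fulltext-search`), -24579 (`wp-nested-pages`), -24588 (`patreon-connect`), -24589 (`jsm-show-post-meta`), -24591 (`ninja-gdpr-compliance`), -24596 (`wc-product-table-lite`) and -24603 (`a4-barcode-generator`); whether those readmes contain the slug cannot be told from this diff.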
diff --git a/nuclei-templates/2025/CVE-2025-24588-1d473028835f1969f237150db8498dff.yaml b/nuclei-templates/2025/CVE-2025-24588-1d473028835f1969f237150db8498dff.yaml new file mode 100644 index 0000000000..195dad29bb --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24588-1d473028835f1969f237150db8498dff.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24588-1d473028835f1969f237150db8498dff + +info: + name: > + Patreon WordPress <= 1.9.1 - Missing Authorization + author: topscoder + severity: high + description: > + The Patreon WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f008d502-e554-489d-bb97-fed18fa6547d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24588 + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:CVE-2025-24588' + tags: cve,wordpress,wp-plugin,patreon-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24589-d6e6fb54ebdbe903b88b4fca425dd046.yaml b/nuclei-templates/2025/CVE-2025-24589-d6e6fb54ebdbe903b88b4fca425dd046.yaml new file mode 100644 index 0000000000..6cfaccf1d0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24589-d6e6fb54ebdbe903b88b4fca425dd046.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24589-d6e6fb54ebdbe903b88b4fca425dd046 + +info: + name: > + JSM Show Post Metadata <= 4.6.0 - Missing Authorization + author: topscoder + severity: low + description: > + The JSM Show Post Metadata plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2eccedd-c75e-41d8-b2de-9977b1143cc2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24589 + metadata: + fofa-query: "wp-content/plugins/jsm-show-post-meta/" + google-query: inurl:"/wp-content/plugins/jsm-show-post-meta/" + shodan-query: 'vuln:CVE-2025-24589' + tags: cve,wordpress,wp-plugin,jsm-show-post-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jsm-show-post-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jsm-show-post-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24591-d359dd005d33c4c6492c43c26919b8eb.yaml b/nuclei-templates/2025/CVE-2025-24591-d359dd005d33c4c6492c43c26919b8eb.yaml new file mode 100644 index 0000000000..0b6967aa85 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24591-d359dd005d33c4c6492c43c26919b8eb.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24591-d359dd005d33c4c6492c43c26919b8eb + +info: + name: > + GDPR CCPA Compliance Support <= 2.7.1 - Missing Authorization + author: topscoder + severity: low + description: > + The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a61c5999-6e7f-4ff9-8ed9-e3e2df9ceb6b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24591 + metadata: + fofa-query: "wp-content/plugins/ninja-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/ninja-gdpr-compliance/" + shodan-query: 'vuln:CVE-2025-24591' + tags: cve,wordpress,wp-plugin,ninja-gdpr-compliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24594-44d5cd894271ee87d753cbbd5aed6adf.yaml b/nuclei-templates/2025/CVE-2025-24594-44d5cd894271ee87d753cbbd5aed6adf.yaml new file mode 100644 index 0000000000..1fa38c6a8b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24594-44d5cd894271ee87d753cbbd5aed6adf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24594-44d5cd894271ee87d753cbbd5aed6adf + +info: + name: > + Linet ERP-Woocommerce Integration <= 3.5.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Linet ERP-Woocommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/969a9357-47ce-4c7e-a259-559a2584485a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24594 + metadata: + fofa-query: "wp-content/plugins/linet-erp-woocommerce-integration/" + google-query: inurl:"/wp-content/plugins/linet-erp-woocommerce-integration/" + shodan-query: 'vuln:CVE-2025-24594' + tags: cve,wordpress,wp-plugin,linet-erp-woocommerce-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/linet-erp-woocommerce-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "linet-erp-woocommerce-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24595-27a931d2674c13461ae46e6370328846.yaml b/nuclei-templates/2025/CVE-2025-24595-27a931d2674c13461ae46e6370328846.yaml new file mode 100644 index 0000000000..8809308dce --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24595-27a931d2674c13461ae46e6370328846.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24595-27a931d2674c13461ae46e6370328846 + +info: + name: > + All Embed – Elementor Addons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The All Embed – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec1f4180-6fa0-418b-8387-553890cfed0a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24595 + metadata: + fofa-query: "wp-content/plugins/all-embed-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/all-embed-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-24595' + tags: cve,wordpress,wp-plugin,all-embed-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-embed-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-embed-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24596-8bf64254a0ba922b808050dce4d92537.yaml b/nuclei-templates/2025/CVE-2025-24596-8bf64254a0ba922b808050dce4d92537.yaml new file mode 100644 index 0000000000..8a051629cc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24596-8bf64254a0ba922b808050dce4d92537.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24596-8bf64254a0ba922b808050dce4d92537 + +info: + name: > + WooCommerce Product Table Lite <= 3.8.7 - Missing Authorization + author: topscoder + severity: high + description: > + The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81f00661-1dfa-426f-b775-aaa4712d34bc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24596 + metadata: + fofa-query: "wp-content/plugins/wc-product-table-lite/" + google-query: inurl:"/wp-content/plugins/wc-product-table-lite/" + shodan-query: 'vuln:CVE-2025-24596' + tags: cve,wordpress,wp-plugin,wc-product-table-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-product-table-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-product-table-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.7') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24600-106baaf3199b8d95ab240ebdc6ca4381.yaml b/nuclei-templates/2025/CVE-2025-24600-106baaf3199b8d95ab240ebdc6ca4381.yaml new file mode 100644 index 0000000000..0c7e1e8fda --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24600-106baaf3199b8d95ab240ebdc6ca4381.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24600-106baaf3199b8d95ab240ebdc6ca4381 + +info: + name: > + RSVPMarker <= 11.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + The RSVPMaker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 11.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c30c6fc1-4693-40e9-8909-119a656bd985?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24600 + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:CVE-2025-24600' + tags: cve,wordpress,wp-plugin,rsvpmaker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.4.5') \ No newline at end of file 
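Review bot: The `name` field spells the plugin "RSVPMarker", while the description and the `rsvpmaker` slug used in the path, queries and tags spell it RSVPMaker, so searches and reports keyed on the template name will miss it. The line should read `RSVPMaker <= 11.4.5 - Missing Authorization`. If the name is copied from the upstream advisory title, the typo may need fixing at the source as well.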
diff --git a/nuclei-templates/2025/CVE-2025-24601-51aad2a2487d43e6dd1ee279e40fe187.yaml b/nuclei-templates/2025/CVE-2025-24601-51aad2a2487d43e6dd1ee279e40fe187.yaml new file mode 100644 index 0000000000..2d749be503 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24601-51aad2a2487d43e6dd1ee279e40fe187.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-24601-51aad2a2487d43e6dd1ee279e40fe187
+
+info:
+ name: >
+ FundPress <= 2.0.6 - Unauthenticated PHP Object Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The FundPress plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0177ceb7-d507-468a-9b64-629237bc7306?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2025-24601
+ metadata:
+ fofa-query: "wp-content/plugins/fundpress/"
+ google-query: inurl:"/wp-content/plugins/fundpress/"
+ shodan-query: 'vuln:CVE-2025-24601'
+ tags: cve,wordpress,wp-plugin,fundpress,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fundpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fundpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24603-8562f4c1d50d6fd92e0f18a91c286681.yaml b/nuclei-templates/2025/CVE-2025-24603-8562f4c1d50d6fd92e0f18a91c286681.yaml
new file mode 100644
index 0000000000..fe04a5638c
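Review bot: The matchers in the CVE-2025-24601 template only compare the `Stable tag` read from `readme.txt` against `<= 2.0.6`; no request touches the deserialization path, so a hit reported at `severity: critical` is a version fingerprint rather than a confirmed injection point. The description itself notes that no POP chain is known in the plugin, and a stale or edited readme, or a vendor backport, would presumably make the result wrong in either direction. Say so in the template, for example by appending to `description`: `Detection is version-based (readme.txt Stable tag) and does not verify exploitability.` The other templates added in this commit, including the CVE-2025-24600 one before it, rely on the same readme-only check.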
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24603-8562f4c1d50d6fd92e0f18a91c286681.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24603-8562f4c1d50d6fd92e0f18a91c286681
+
+info:
+ name: >
+ Print Barcode Labels for your WooCommerce products/orders <= 3.4.10 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.4.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a71c1e1-c0f5-4b11-9f15-02ac22e4a376?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24603
+ metadata:
+ fofa-query: "wp-content/plugins/a4-barcode-generator/"
+ google-query: inurl:"/wp-content/plugins/a4-barcode-generator/"
+ shodan-query: 'vuln:CVE-2025-24603'
+ tags: cve,wordpress,wp-plugin,a4-barcode-generator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/a4-barcode-generator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "a4-barcode-generator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.10')
\ No newline at end of file
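Review bot: `redirects: true` with `max-redirects: 3` lets the `readme.txt` request follow redirects to any host, so the extracted `version` and the `a4-barcode-generator` word match may come from a different server than the one being assessed and still be reported against `{{BaseURL}}`. Keeping the check on the scanned host avoids that misattribution: use `host-redirects: true` in place of `redirects: true`. Every template added in this commit carries the same two lines under `http:`.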
diff --git a/nuclei-templates/2025/CVE-2025-24604-aa67ccb78caf1cfb6581e407a1e6c6e0.yaml b/nuclei-templates/2025/CVE-2025-24604-aa67ccb78caf1cfb6581e407a1e6c6e0.yaml new file mode 100644 index 0000000000..cdac7620f3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24604-aa67ccb78caf1cfb6581e407a1e6c6e0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24604-aa67ccb78caf1cfb6581e407a1e6c6e0 + +info: + name: > + VForm <= 3.0.5 - Missing Authorization + author: topscoder + severity: low + description: > + The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3175913-8040-41e1-9f31-a63b03d7bad5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24604 + metadata: + fofa-query: "wp-content/plugins/v-form/" + google-query: inurl:"/wp-content/plugins/v-form/" + shodan-query: 'vuln:CVE-2025-24604' + tags: cve,wordpress,wp-plugin,v-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/v-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "v-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24610-bfcfce6c11e82a798c9430956d6569f6.yaml b/nuclei-templates/2025/CVE-2025-24610-bfcfce6c11e82a798c9430956d6569f6.yaml new file mode 100644 index 0000000000..4e28690743 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24610-bfcfce6c11e82a798c9430956d6569f6.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24610-bfcfce6c11e82a798c9430956d6569f6 + +info: + name: > + Restrict Anonymous Access <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Restrict Anonymous Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ecde76-3249-4be2-81b8-cccc60f73063?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24610 + metadata: + fofa-query: "wp-content/plugins/restrict-anonymous-access/" + google-query: inurl:"/wp-content/plugins/restrict-anonymous-access/" + shodan-query: 'vuln:CVE-2025-24610' + tags: cve,wordpress,wp-plugin,restrict-anonymous-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-anonymous-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-anonymous-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24611-e76860a6454f3e21c245432d34b2432b.yaml b/nuclei-templates/2025/CVE-2025-24611-e76860a6454f3e21c245432d34b2432b.yaml new file mode 100644 index 0000000000..7bd65a9427 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24611-e76860a6454f3e21c245432d34b2432b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24611-e76860a6454f3e21c245432d34b2432b + +info: + name: > + WP Ultimate Exporter <= 2.9 - Authenticated (Admin+) Arbitrary File Read + author: topscoder + severity: low + description: > + The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72fb0557-27ac-40fe-8440-06c89e1133be?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-24611 + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-exporter/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-exporter/" + shodan-query: 'vuln:CVE-2025-24611' + tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24613-4ac33e687bc1baf6c567e190d3cfdb1c.yaml b/nuclei-templates/2025/CVE-2025-24613-4ac33e687bc1baf6c567e190d3cfdb1c.yaml new file mode 100644 index 0000000000..8846b1abae --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24613-4ac33e687bc1baf6c567e190d3cfdb1c.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24613-4ac33e687bc1baf6c567e190d3cfdb1c + +info: + name: > + FV Thoughtful Comments <= 0.3.5 - Missing Authorization + author: topscoder + severity: low + description: > + The FV Thoughtful Comments plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07904ed6-ff3c-41b6-a0ee-87fdbfd14bea?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 3.1 + cve-id: CVE-2025-24613 + metadata: + fofa-query: "wp-content/plugins/thoughtful-comments/" + google-query: inurl:"/wp-content/plugins/thoughtful-comments/" + shodan-query: 'vuln:CVE-2025-24613' + tags: cve,wordpress,wp-plugin,thoughtful-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thoughtful-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thoughtful-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.5') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24618-9350b401b878382585a3e867625ba36a.yaml b/nuclei-templates/2025/CVE-2025-24618-9350b401b878382585a3e867625ba36a.yaml new file mode 100644 index 0000000000..952d66d9b5 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24618-9350b401b878382585a3e867625ba36a.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24618-9350b401b878382585a3e867625ba36a + +info: + name: > + ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization + author: topscoder + severity: low + description: > + The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adc8926d-267e-49d5-83b2-68b390ca2d0a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24618 + metadata: + fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-24618' + tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementinvader-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24622-9821a02a333e4d34cb30778d0d1ee47b.yaml b/nuclei-templates/2025/CVE-2025-24622-9821a02a333e4d34cb30778d0d1ee47b.yaml new file mode 100644 index 0000000000..2171cceeda --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24622-9821a02a333e4d34cb30778d0d1ee47b.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24622-9821a02a333e4d34cb30778d0d1ee47b + +info: + name: > + Job Board Manager <= 2.1.59 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Job Board Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.59. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b59837-b0e6-4bab-b7b6-7c3510164f04?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24622 + metadata: + fofa-query: "wp-content/plugins/job-board-manager/" + google-query: inurl:"/wp-content/plugins/job-board-manager/" + shodan-query: 'vuln:CVE-2025-24622' + tags: cve,wordpress,wp-plugin,job-board-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-board-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-board-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.59') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24623-b1ff77f031fdbe0943f3f55e4d200482.yaml b/nuclei-templates/2025/CVE-2025-24623-b1ff77f031fdbe0943f3f55e4d200482.yaml new file mode 100644 index 0000000000..de808fbd7d --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24623-b1ff77f031fdbe0943f3f55e4d200482.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24623-b1ff77f031fdbe0943f3f55e4d200482 + +info: + name: > + Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Really Simple SSL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a322b84-93cf-4793-956f-c2e53574041c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24623 + metadata: + fofa-query: "wp-content/plugins/really-simple-ssl/" + google-query: inurl:"/wp-content/plugins/really-simple-ssl/" + shodan-query: 'vuln:CVE-2025-24623' + tags: cve,wordpress,wp-plugin,really-simple-ssl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/really-simple-ssl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "really-simple-ssl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24625-633c4da4e0e67f34447e39b6f06cf7b0.yaml b/nuclei-templates/2025/CVE-2025-24625-633c4da4e0e67f34447e39b6f06cf7b0.yaml new file mode 100644 index 0000000000..95c696d213 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24625-633c4da4e0e67f34447e39b6f06cf7b0.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24625-633c4da4e0e67f34447e39b6f06cf7b0 + +info: + name: > + Taxonomy/Term and Role based Discounts for WooCommerce <= 5.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + The Taxonomy/Term and Role based Discounts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5d0ffb-c703-4bd1-83a0-c02e3744dd03?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24625 + metadata: + fofa-query: "wp-content/plugins/taxonomy-discounts-woocommerce/" + google-query: inurl:"/wp-content/plugins/taxonomy-discounts-woocommerce/" + shodan-query: 'vuln:CVE-2025-24625' + tags: cve,wordpress,wp-plugin,taxonomy-discounts-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taxonomy-discounts-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taxonomy-discounts-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24627-6dc1097f4c3f0a50a583649d990336cd.yaml b/nuclei-templates/2025/CVE-2025-24627-6dc1097f4c3f0a50a583649d990336cd.yaml new file mode 100644 index 0000000000..a130b264d1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24627-6dc1097f4c3f0a50a583649d990336cd.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24627-6dc1097f4c3f0a50a583649d990336cd + +info: + name: > + Blur Text <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Blur Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7780eea-230b-41ad-addd-92791e5ab432?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24627 + metadata: + fofa-query: "wp-content/plugins/blur-text/" + google-query: inurl:"/wp-content/plugins/blur-text/" + shodan-query: 'vuln:CVE-2025-24627' + tags: cve,wordpress,wp-plugin,blur-text,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blur-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blur-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24633-e10022c65389fd6aff640b0128efc97d.yaml b/nuclei-templates/2025/CVE-2025-24633-e10022c65389fd6aff640b0128efc97d.yaml new file mode 100644 index 0000000000..49215affb9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24633-e10022c65389fd6aff640b0128efc97d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24633-e10022c65389fd6aff640b0128efc97d + +info: + name: > + Build Private Store For Woocommerce <= 1.0 - Missing Authorization + author: topscoder + severity: high + description: > + The Build Private Store For Woocommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a25d691-ba1e-41e6-9923-9c8d16b993a2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24633 + metadata: + fofa-query: "wp-content/plugins/build-private-store-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/build-private-store-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-24633' + tags: cve,wordpress,wp-plugin,build-private-store-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/build-private-store-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "build-private-store-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24634-b2a0570636527b2914a8e74c27f4c7fa.yaml b/nuclei-templates/2025/CVE-2025-24634-b2a0570636527b2914a8e74c27f4c7fa.yaml new file mode 100644 index 0000000000..1ef6707e70 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24634-b2a0570636527b2914a8e74c27f4c7fa.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24634-b2a0570636527b2914a8e74c27f4c7fa + +info: + name: > + Orbisius Simple Notice <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Orbisius Simple Notice plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94aca046-a680-4d13-a7ba-501573aace59?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24634 + metadata: + fofa-query: "wp-content/plugins/orbisius-simple-notice/" + google-query: inurl:"/wp-content/plugins/orbisius-simple-notice/" + shodan-query: 'vuln:CVE-2025-24634' + tags: cve,wordpress,wp-plugin,orbisius-simple-notice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/orbisius-simple-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "orbisius-simple-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24636-ad8dcd370010379926bb13e512ad7161.yaml b/nuclei-templates/2025/CVE-2025-24636-ad8dcd370010379926bb13e512ad7161.yaml new file mode 100644 index 0000000000..ffee7235d3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24636-ad8dcd370010379926bb13e512ad7161.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24636-ad8dcd370010379926bb13e512ad7161 + +info: + name: > + MachForm Shortcode <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + The MachForm Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f89373e8-2fef-427e-854b-8b78b5781288?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-24636 + metadata: + fofa-query: "wp-content/plugins/machform-shortcode/" + google-query: inurl:"/wp-content/plugins/machform-shortcode/" + shodan-query: 'vuln:CVE-2025-24636' + tags: cve,wordpress,wp-plugin,machform-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/machform-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "machform-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24638-5b9ac3f07e73028b46bc9f6c22d89444.yaml b/nuclei-templates/2025/CVE-2025-24638-5b9ac3f07e73028b46bc9f6c22d89444.yaml new file mode 100644 index 0000000000..e024dc4124 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24638-5b9ac3f07e73028b46bc9f6c22d89444.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24638-5b9ac3f07e73028b46bc9f6c22d89444 + +info: + name: > + Create with Code <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Create with Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f6df09-a677-44bc-a2bb-88a7f14c7426?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24638 + metadata: + fofa-query: "wp-content/plugins/create-with-code/" + google-query: inurl:"/wp-content/plugins/create-with-code/" + shodan-query: 'vuln:CVE-2025-24638' + tags: cve,wordpress,wp-plugin,create-with-code,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/create-with-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "create-with-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24644-6491b7566c705667e2bd56b95ce23519.yaml b/nuclei-templates/2025/CVE-2025-24644-6491b7566c705667e2bd56b95ce23519.yaml new file mode 100644 index 0000000000..33d78de245 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24644-6491b7566c705667e2bd56b95ce23519.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24644-6491b7566c705667e2bd56b95ce23519 + +info: + name: > + WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.7.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c29b9cb5-fd47-47d6-a341-a4b5ca0683f1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24644 + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-24644' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 
"print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24647-0475eec91840dd63a5c8b661487e76af.yaml b/nuclei-templates/2025/CVE-2025-24647-0475eec91840dd63a5c8b661487e76af.yaml new file mode 100644 index 0000000000..a42c313214 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24647-0475eec91840dd63a5c8b661487e76af.yaml 
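Review bot: The matchers for CVE-2025-24644 establish only that `readme.txt` is served with a `Stable tag` of 4.7.1 or lower. The description limits the issue to multi-site installations and sites where unfiltered_html is disabled, and requires a Shop Manager account; none of that is checked, so a hit is a version inference and not a confirmed finding. `Stable tag` is a value kept in the readme, and whether it always equals the installed code's version cannot be told from this hunk, so false positives and misses are both possible. I would add a comment above `http:` such as `# Version check only (readme.txt "Stable tag"); the preconditions in the description are not verified.` The same applies to the other readme-based templates in this diff.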
@@ -0,0 +1,59 @@ +id: CVE-2025-24647-0475eec91840dd63a5c8b661487e76af + +info: + name: > + WooCommerce Cloak Affiliate Links <= 1.0.35 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.35. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b9103b9-a33d-4838-9454-70fa5277c5a0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24647 + metadata: + fofa-query: "wp-content/plugins/woocommerce-cloak-affiliate-links/" + google-query: inurl:"/wp-content/plugins/woocommerce-cloak-affiliate-links/" + shodan-query: 'vuln:CVE-2025-24647' + tags: cve,wordpress,wp-plugin,woocommerce-cloak-affiliate-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-cloak-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-cloak-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.35') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24649-95cf320f69990624c1dfab4319f0f169.yaml b/nuclei-templates/2025/CVE-2025-24649-95cf320f69990624c1dfab4319f0f169.yaml new file mode 100644 index 0000000000..819fa0704c --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24649-95cf320f69990624c1dfab4319f0f169.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24649-95cf320f69990624c1dfab4319f0f169 + +info: + name: > + Admin and Site Enhancements (ASE) <= 7.6.2 - Missing Authorization + author: topscoder + severity: low + description: > + The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a4321d5-b472-4571-8dc1-96419b59c6c7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 3.1 + cve-id: CVE-2025-24649 + metadata: + fofa-query: "wp-content/plugins/admin-site-enhancements/" + google-query: inurl:"/wp-content/plugins/admin-site-enhancements/" + shodan-query: 'vuln:CVE-2025-24649' + tags: cve,wordpress,wp-plugin,admin-site-enhancements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-site-enhancements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-site-enhancements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24650-ea9d0fb98533f6b6354f1812504aff43.yaml b/nuclei-templates/2025/CVE-2025-24650-ea9d0fb98533f6b6354f1812504aff43.yaml new file mode 100644 index 0000000000..ad101dd3a1 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24650-ea9d0fb98533f6b6354f1812504aff43.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24650-ea9d0fb98533f6b6354f1812504aff43 + +info: + name: > + Tourfic <= 2.15.3 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The Tourfic – Ultimate Hotel Booking, Travel Booking & Car Rental WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.15.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2c0542-b5ae-4595-b712-ddcd27d21183?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2025-24650 + metadata: + fofa-query: "wp-content/plugins/tourfic/" + google-query: inurl:"/wp-content/plugins/tourfic/" + shodan-query: 'vuln:CVE-2025-24650' + tags: cve,wordpress,wp-plugin,tourfic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tourfic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tourfic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.3') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24652-3b5bfb08d6d3d10f3cd61061b4f4a770.yaml b/nuclei-templates/2025/CVE-2025-24652-3b5bfb08d6d3d10f3cd61061b4f4a770.yaml new file mode 100644 index 0000000000..d853aad0ea --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24652-3b5bfb08d6d3d10f3cd61061b4f4a770.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24652-3b5bfb08d6d3d10f3cd61061b4f4a770 + +info: + name: > + WP Duplicate – WordPress Migration Plugin <= 1.1.6 - Missing Authorization + author: topscoder + severity: low + description: > + The WP Duplicate – WordPress Migration Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ca7291d-1309-4129-8244-cff6b6de45c0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24652 + metadata: + fofa-query: "wp-content/plugins/local-sync/" + google-query: inurl:"/wp-content/plugins/local-sync/" + shodan-query: 'vuln:CVE-2025-24652' + tags: cve,wordpress,wp-plugin,local-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/local-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "local-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24653-4a639c27bc6e94726a9c817db36d1e8b.yaml b/nuclei-templates/2025/CVE-2025-24653-4a639c27bc6e94726a9c817db36d1e8b.yaml new file mode 100644 index 0000000000..d319cf905b --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24653-4a639c27bc6e94726a9c817db36d1e8b.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24653-4a639c27bc6e94726a9c817db36d1e8b + +info: + name: > + Admin and Site Enhancements (ASE) Pro <= 7.6.1.1 - Missing Authorization + author: topscoder + severity: low + description: > + The admin-site-enhancements-pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.6.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac07cc53-311d-465e-a00f-8aa37fec2ad9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24653 + metadata: + fofa-query: "wp-content/plugins/admin-site-enhancements-pro/" + google-query: inurl:"/wp-content/plugins/admin-site-enhancements-pro/" + shodan-query: 'vuln:CVE-2025-24653' + tags: cve,wordpress,wp-plugin,admin-site-enhancements-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-site-enhancements-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-site-enhancements-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24657-9bc2e7b1ec4f4fc87c68f5944c091250.yaml b/nuclei-templates/2025/CVE-2025-24657-9bc2e7b1ec4f4fc87c68f5944c091250.yaml new file mode 100644 index 0000000000..958d7fef6f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24657-9bc2e7b1ec4f4fc87c68f5944c091250.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24657-9bc2e7b1ec4f4fc87c68f5944c091250 + +info: + name: > + Wishlist for WooCommerce <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Wishlist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b94303b5-2ee6-4549-ae59-74e0a0b00fa3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24657 + metadata: + fofa-query: "wp-content/plugins/wt-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/wt-woocommerce-wishlist/" + shodan-query: 'vuln:CVE-2025-24657' + tags: cve,wordpress,wp-plugin,wt-woocommerce-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wt-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wt-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24658-bb57970a6f700ed06fb576996e4f2dc7.yaml b/nuclei-templates/2025/CVE-2025-24658-bb57970a6f700ed06fb576996e4f2dc7.yaml new file mode 100644 index 0000000000..383e012d89 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24658-bb57970a6f700ed06fb576996e4f2dc7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24658-bb57970a6f700ed06fb576996e4f2dc7 + +info: + name: > + Auction Nudge – Your eBay on Your Site <= 7.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Auction Nudge – Your eBay on Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e803ed-6dfb-4845-8efe-addaea89029f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24658 + metadata: + fofa-query: "wp-content/plugins/auction-nudge/" + google-query: inurl:"/wp-content/plugins/auction-nudge/" + shodan-query: 'vuln:CVE-2025-24658' + tags: cve,wordpress,wp-plugin,auction-nudge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auction-nudge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auction-nudge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24659-8a07fef035e610de7cb940f321686e8d.yaml b/nuclei-templates/2025/CVE-2025-24659-8a07fef035e610de7cb940f321686e8d.yaml new file mode 100644 index 0000000000..f26f117c8a --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24659-8a07fef035e610de7cb940f321686e8d.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24659-8a07fef035e610de7cb940f321686e8d + +info: + name: > + Premium Packages <= 5.9.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The Premium Packages plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62c28db1-094c-46b7-992f-428d36cdd6ba?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-24659 + metadata: + fofa-query: "wp-content/plugins/wpdm-premium-packages/" + google-query: inurl:"/wp-content/plugins/wpdm-premium-packages/" + shodan-query: 'vuln:CVE-2025-24659' + tags: cve,wordpress,wp-plugin,wpdm-premium-packages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdm-premium-packages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdm-premium-packages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24662-9272a8fdc05a189a144e1c7cc15a993a.yaml b/nuclei-templates/2025/CVE-2025-24662-9272a8fdc05a189a144e1c7cc15a993a.yaml
new file mode 100644
index 0000000000..b48cdf2132
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24662-9272a8fdc05a189a144e1c7cc15a993a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24662-9272a8fdc05a189a144e1c7cc15a993a
+
+info:
+ name: >
+ LearnDash LMS <= 4.20.0.1 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The LearnDash LMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.20.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd7bbfb-57e7-4bee-ad99-b8e9710da81d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-24662
+ metadata:
+ fofa-query: "wp-content/plugins/sfwd-lms/"
+ google-query: inurl:"/wp-content/plugins/sfwd-lms/"
+ shodan-query: 'vuln:CVE-2025-24662'
+ tags: cve,wordpress,wp-plugin,sfwd-lms,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)learndash_quiz_front.min.css\\?ver=([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)learndash_quiz_front.min.css\\?ver=([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sfwd-lms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.20.0.1')
\ No newline at end of file
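Review bot: This template reads the version from the site root (`{{BaseURL}}/`) instead of the plugin's `readme.txt`, so it matches only when the landing page's HTML references `learndash_quiz_front.min.css?ver=…`. A site that loads that stylesheet only on quiz pages, or whose asset URLs are rewritten by a cache or minifier, produces no match, and that must not be read as "not affected". In both extractors the dots in the file name are unescaped and match any character; `"(?mi)learndash_quiz_front\\.min\\.css\\?ver=([0-9.]+)"` is tighter. The template assumes the `ver` value tracks the plugin version, which the hunk does not show, so a comment stating that assumption above `extractors:` would help whoever triages a hit.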
diff --git a/nuclei-templates/2025/CVE-2025-24663-d430b62ae10ac04d33f00e30b9fd4eac.yaml b/nuclei-templates/2025/CVE-2025-24663-d430b62ae10ac04d33f00e30b9fd4eac.yaml new file mode 100644 index 0000000000..247cd62f6f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24663-d430b62ae10ac04d33f00e30b9fd4eac.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24663-d430b62ae10ac04d33f00e30b9fd4eac + +info: + name: > + Simple Download Monitor <= 3.9.25 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The Simple Download Monitor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.9.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c26e5109-aaf8-4bba-9331-b8baaf109a55?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-24663 + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:CVE-2025-24663' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.25') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24664-2711efbc5e0a3edf7a5b94289e728b82.yaml b/nuclei-templates/2025/CVE-2025-24664-2711efbc5e0a3edf7a5b94289e728b82.yaml new file mode 100644 index 0000000000..2a23f3adcf --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24664-2711efbc5e0a3edf7a5b94289e728b82.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24664-2711efbc5e0a3edf7a5b94289e728b82 + +info: + name: > + LTL Freight Quotes – Worldwide Express Edition <= 5.0.20 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d379aab-9fc7-4012-83d9-f55a1bd26918?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2025-24664 + metadata: + fofa-query: "wp-content/plugins/ltl-freight-quotes-worldwide-express-edition/" + google-query: inurl:"/wp-content/plugins/ltl-freight-quotes-worldwide-express-edition/" + shodan-query: 'vuln:CVE-2025-24664' + tags: cve,wordpress,wp-plugin,ltl-freight-quotes-worldwide-express-edition,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ltl-freight-quotes-worldwide-express-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ltl-freight-quotes-worldwide-express-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.20') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24665-5ae60206200c32b20708cfaef192e754.yaml b/nuclei-templates/2025/CVE-2025-24665-5ae60206200c32b20708cfaef192e754.yaml new file mode 100644 index 0000000000..575e35554f --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24665-5ae60206200c32b20708cfaef192e754.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24665-5ae60206200c32b20708cfaef192e754 + +info: + name: > + Small Package Quotes – Unishippers Edition <= 2.4.8 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Small Package Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2346543-c05a-4c69-9b1d-3d33c860c385?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2025-24665 + metadata: + fofa-query: "wp-content/plugins/small-package-quotes-unishippers-edition/" + google-query: inurl:"/wp-content/plugins/small-package-quotes-unishippers-edition/" + shodan-query: 'vuln:CVE-2025-24665' + tags: cve,wordpress,wp-plugin,small-package-quotes-unishippers-edition,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/small-package-quotes-unishippers-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "small-package-quotes-unishippers-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24666-135df544deb1f455bd048051893dabf1.yaml b/nuclei-templates/2025/CVE-2025-24666-135df544deb1f455bd048051893dabf1.yaml new file mode 100644 index 0000000000..c3b2eac7e2 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24666-135df544deb1f455bd048051893dabf1.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24666-135df544deb1f455bd048051893dabf1 + +info: + name: > + AI Chatbot for WordPress – Hyve Lite <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The AI Chatbot for WordPress – Hyve Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e0f7fa4-2d0d-4206-a3ff-97bf95c84808?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24666 + metadata: + fofa-query: "wp-content/plugins/hyve-lite/" + google-query: inurl:"/wp-content/plugins/hyve-lite/" + shodan-query: 'vuln:CVE-2025-24666' + tags: cve,wordpress,wp-plugin,hyve-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hyve-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hyve-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24667-a7a42d67aa5d6839aafee7e8c3c91170.yaml b/nuclei-templates/2025/CVE-2025-24667-a7a42d67aa5d6839aafee7e8c3c91170.yaml new file mode 100644 index 0000000000..d87015745b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24667-a7a42d67aa5d6839aafee7e8c3c91170.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24667-a7a42d67aa5d6839aafee7e8c3c91170 + +info: + name: > + Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8f3874-dca7-404c-802a-a6b5d935e3a3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2025-24667 + metadata: + fofa-query: "wp-content/plugins/small-package-quotes-wwe-edition/" + google-query: inurl:"/wp-content/plugins/small-package-quotes-wwe-edition/" + shodan-query: 'vuln:CVE-2025-24667' + tags: cve,wordpress,wp-plugin,small-package-quotes-wwe-edition,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/small-package-quotes-wwe-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "small-package-quotes-wwe-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.17') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24668-f9cfb624e3940276ab6dac541f1817bf.yaml b/nuclei-templates/2025/CVE-2025-24668-f9cfb624e3940276ab6dac541f1817bf.yaml new file mode 100644 index 0000000000..856a09ee89 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24668-f9cfb624e3940276ab6dac541f1817bf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24668-f9cfb624e3940276ab6dac541f1817bf + +info: + name: > + PPOM for WooCommerce <= 33.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The PPOM for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 33.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/352e27ad-4266-4384-be2b-d94d241373a8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24668 + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:CVE-2025-24668' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 33.0.8') \ No newline at end of file 
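Review bot: The matchers in the `http` block establish only that `readme.txt` reports a `Stable tag` at or below 33.0.8; nothing exercises the stored XSS, and the preconditions named in the description (administrator account, multi-site or `unfiltered_html` disabled) cannot be seen by this request. A hit should be read as "outdated version present", and a miss says little, because a readme that is blocked or carries a non-numeric tag leaves `version` unset and the `dsl` matcher never fires. I would record that above `matchers-condition` with a comment such as `# Version fingerprint only: confirms readme.txt Stable tag <= 33.0.8, not exploitability`. The same limitation applies to every other template added in this diff.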
diff --git a/nuclei-templates/2025/CVE-2025-24669-06cdf736fa0c9b21e54865e567e7bbdd.yaml b/nuclei-templates/2025/CVE-2025-24669-06cdf736fa0c9b21e54865e567e7bbdd.yaml new file mode 100644 index 0000000000..6530fc3e8e --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24669-06cdf736fa0c9b21e54865e567e7bbdd.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24669-06cdf736fa0c9b21e54865e567e7bbdd + +info: + name: > + SERPed.net <= 4.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The SERPed.net plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a756804-4f39-46ce-8a0e-c5632f78686d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-24669 + metadata: + fofa-query: "wp-content/plugins/serped-net/" + google-query: inurl:"/wp-content/plugins/serped-net/" + shodan-query: 'vuln:CVE-2025-24669' + tags: cve,wordpress,wp-plugin,serped-net,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/serped-net/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "serped-net" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24672-b62355218ab6142d05819d3fde26fbf7.yaml b/nuclei-templates/2025/CVE-2025-24672-b62355218ab6142d05819d3fde26fbf7.yaml new file mode 100644 index 0000000000..5ab173065b --- /dev/null 
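Review bot: The `extractors` list defines two regex extractors with the same `name: version`, the same `part`, `group` and pattern, differing only in `internal: true` on the first, and nothing in the file says why. As far as I can tell the internal one exists to feed `version` to the `dsl` matcher and the second only prints the value in results, but a reader may take the pair for a copy-paste slip and delete one. A short comment above the first entry, for example `# internal copy feeds compare_versions(); the second extractor reports the version in output`, would make the intent explicit. The same pair appears in every template added by this diff.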
+++ b/nuclei-templates/2025/CVE-2025-24672-b62355218ab6142d05819d3fde26fbf7.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24672-b62355218ab6142d05819d3fde26fbf7 + +info: + name: > + Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The Form Builder CP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97a6da6b-ed85-4bf4-8ae7-5cd831d022a7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-24672 + metadata: + fofa-query: "wp-content/plugins/cp-easy-form-builder/" + google-query: inurl:"/wp-content/plugins/cp-easy-form-builder/" + shodan-query: 'vuln:CVE-2025-24672' + tags: cve,wordpress,wp-plugin,cp-easy-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-easy-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-easy-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.41') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24673-f8b5b6fafc13c6e919096d22e940a8af.yaml b/nuclei-templates/2025/CVE-2025-24673-f8b5b6fafc13c6e919096d22e940a8af.yaml new file mode 100644 index 0000000000..1dd4cd5a23 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24673-f8b5b6fafc13c6e919096d22e940a8af.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24673-f8b5b6fafc13c6e919096d22e940a8af + +info: + name: > + Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/063345b7-040b-4576-8634-663eda9135fa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24673 + metadata: + fofa-query: "wp-content/plugins/ketchup-shortcodes-pack/" + google-query: inurl:"/wp-content/plugins/ketchup-shortcodes-pack/" + shodan-query: 'vuln:CVE-2025-24673' + tags: cve,wordpress,wp-plugin,ketchup-shortcodes-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ketchup-shortcodes-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ketchup-shortcodes-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24674-cff96b78b5e786b96ef813fd1e3105bd.yaml b/nuclei-templates/2025/CVE-2025-24674-cff96b78b5e786b96ef813fd1e3105bd.yaml new file mode 100644 index 0000000000..755cb76a1c --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24674-cff96b78b5e786b96ef813fd1e3105bd.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24674-cff96b78b5e786b96ef813fd1e3105bd + +info: + name: > + ShMapper by Teplitsa <= 1.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aee1d4ea-a740-4015-9167-200ed1e2564c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24674 + metadata: + fofa-query: "wp-content/plugins/shmapper-by-teplitsa/" + google-query: inurl:"/wp-content/plugins/shmapper-by-teplitsa/" + shodan-query: 'vuln:CVE-2025-24674' + tags: cve,wordpress,wp-plugin,shmapper-by-teplitsa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shmapper-by-teplitsa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shmapper-by-teplitsa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24675-4c225b292ebce8f8d3b7a48c7aa2b1d9.yaml b/nuclei-templates/2025/CVE-2025-24675-4c225b292ebce8f8d3b7a48c7aa2b1d9.yaml new file mode 100644 index 0000000000..8774f86ff3 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24675-4c225b292ebce8f8d3b7a48c7aa2b1d9.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24675-4c225b292ebce8f8d3b7a48c7aa2b1d9 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27dc105c-aada-4cbb-99ec-4e59d2dd7bbf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24675 + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:CVE-2025-24675' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24679-a455e889f407fb40c5f2f7f74fded172.yaml b/nuclei-templates/2025/CVE-2025-24679-a455e889f407fb40c5f2f7f74fded172.yaml new file mode 100644 index 0000000000..eca0407077 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24679-a455e889f407fb40c5f2f7f74fded172.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24679-a455e889f407fb40c5f2f7f74fded172 + +info: + name: > + Internal Links Manager <= 2.5.2 - Missing Authorization + author: topscoder + severity: low + description: > + The Internal Links Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9e5fb6-5a78-4890-8cc4-2b9e417ff903?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24679 + metadata: + fofa-query: "wp-content/plugins/seo-automated-link-building/" + google-query: inurl:"/wp-content/plugins/seo-automated-link-building/" + shodan-query: 'vuln:CVE-2025-24679' + tags: cve,wordpress,wp-plugin,seo-automated-link-building,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-automated-link-building/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-automated-link-building" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24681-4260e1a41bbe32b34f31cf1018499638.yaml b/nuclei-templates/2025/CVE-2025-24681-4260e1a41bbe32b34f31cf1018499638.yaml new file mode 100644 index 0000000000..a5a1419c95 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24681-4260e1a41bbe32b34f31cf1018499638.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24681-4260e1a41bbe32b34f31cf1018499638 + +info: + name: > + Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.10.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7229d6b1-0c11-477c-8569-f5d57930d0d6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24681 + metadata: + fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + shodan-query: 'vuln:CVE-2025-24681' + tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-carousel-slider-and-grid-ultimate" + part: body + + - type: dsl + dsl: + - 
compare_versions(version, '<= 1.10.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24682-4fd3c67aa31272b2725c46c8696dee76.yaml b/nuclei-templates/2025/CVE-2025-24682-4fd3c67aa31272b2725c46c8696dee76.yaml new file mode 100644 index 0000000000..e0c8bf41ee --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24682-4fd3c67aa31272b2725c46c8696dee76.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24682-4fd3c67aa31272b2725c46c8696dee76 + +info: + name: > + Super Block Slider <= 2.7.9 - Missing Authorization + author: topscoder + severity: low + description: > + The Super block slider – Responsive image & content slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.7.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1613961-48ba-4f68-8f4f-36dd9d8861e4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24682 + metadata: + fofa-query: "wp-content/plugins/super-block-slider/" + google-query: inurl:"/wp-content/plugins/super-block-slider/" + shodan-query: 'vuln:CVE-2025-24682' + tags: cve,wordpress,wp-plugin,super-block-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-block-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-block-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24683-4af67d58aad83fa3a63b3aa74eec166e.yaml b/nuclei-templates/2025/CVE-2025-24683-4af67d58aad83fa3a63b3aa74eec166e.yaml new file mode 100644 index 0000000000..e5222b6b5e --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24683-4af67d58aad83fa3a63b3aa74eec166e.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24683-4af67d58aad83fa3a63b3aa74eec166e + +info: + name: > + RSVP and Event Management Plugin <= 2.7.14 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + The RSVP and Event Management Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/120f15aa-ccef-49be-8743-e77d699601e2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2025-24683 + metadata: + fofa-query: "wp-content/plugins/rsvp/" + google-query: inurl:"/wp-content/plugins/rsvp/" + shodan-query: 'vuln:CVE-2025-24683' + tags: cve,wordpress,wp-plugin,rsvp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.14') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24685-3d8dc675c6da2f4f41464c3dfb0b61f3.yaml b/nuclei-templates/2025/CVE-2025-24685-3d8dc675c6da2f4f41464c3dfb0b61f3.yaml new file mode 100644 index 0000000000..93c0bf899a 
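Review bot: The word matcher `- "rsvp"` near the end of this hunk is a four-letter lowercase substring, a much weaker fingerprint than the full slugs used by the sibling templates (`small-package-quotes-wwe-edition`, `woocommerce-product-addon`). It adds little assurance that the 200 response is this plugin's readme, and because word matchers are case-sensitive by default it could also miss a readme that only writes `RSVP`. I would add `case-insensitive: true` to that matcher, or better, match on the readme's header line, taking its exact text from the plugin's readme rather than guessing it here.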
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24685-3d8dc675c6da2f4f41464c3dfb0b61f3.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24685-3d8dc675c6da2f4f41464c3dfb0b61f3 + +info: + name: > + Morkva UA Shipping <= 1.0.18 - Unauthenticated Local File Inclusion + author: topscoder + severity: critical + description: > + The Morkva UA Shipping plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.18. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e24a3d15-da9a-4b47-949d-f95201760087?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2025-24685 + metadata: + fofa-query: "wp-content/plugins/morkva-ua-shipping/" + google-query: inurl:"/wp-content/plugins/morkva-ua-shipping/" + shodan-query: 'vuln:CVE-2025-24685' + tags: cve,wordpress,wp-plugin,morkva-ua-shipping,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/morkva-ua-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "morkva-ua-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24687-5de2af3aff7f6bd8621471823f74d733.yaml b/nuclei-templates/2025/CVE-2025-24687-5de2af3aff7f6bd8621471823f74d733.yaml new file mode 100644 index 0000000000..ee0aff8e39 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24687-5de2af3aff7f6bd8621471823f74d733.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24687-5de2af3aff7f6bd8621471823f74d733 + +info: + name: > + Show/Hide Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Show/Hide Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0490b1a-5467-4ce2-ab26-04dade3ec352?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24687 + metadata: + fofa-query: "wp-content/plugins/showhide-shortcode/" + google-query: inurl:"/wp-content/plugins/showhide-shortcode/" + shodan-query: 'vuln:CVE-2025-24687' + tags: cve,wordpress,wp-plugin,showhide-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/showhide-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "showhide-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24689-f97722205c83430204c8badda9d74acc.yaml b/nuclei-templates/2025/CVE-2025-24689-f97722205c83430204c8badda9d74acc.yaml new file mode 100644 index 0000000000..eb666028fd --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24689-f97722205c83430204c8badda9d74acc.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24689-f97722205c83430204c8badda9d74acc + +info: + name: > + Import and export users and customers <= 1.27.12 - Unauthenticated Sensitive Information Disclosure + author: topscoder + severity: medium + description: > + The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.27.12. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d162559e-fb6c-40e2-9fc3-49370f9a779e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24689 + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:CVE-2025-24689' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.12') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24691-c1437b38e7da41107f6820deaadebfb6.yaml b/nuclei-templates/2025/CVE-2025-24691-c1437b38e7da41107f6820deaadebfb6.yaml new file mode 100644 index 0000000000..cfd8c24d9b --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24691-c1437b38e7da41107f6820deaadebfb6.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24691-c1437b38e7da41107f6820deaadebfb6 + +info: + name: > + People Lists <= 1.3.10 - Missing Authorization + author: topscoder + severity: low + description: > + The People Lists plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b276acdf-7372-4d08-a40b-f5a46a3d3b28?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24691 + metadata: + fofa-query: "wp-content/plugins/people-lists/" + google-query: inurl:"/wp-content/plugins/people-lists/" + shodan-query: 'vuln:CVE-2025-24691' + tags: cve,wordpress,wp-plugin,people-lists,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/people-lists/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "people-lists" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.10') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24693-62152153dddb1509f51762e2910bb086.yaml b/nuclei-templates/2025/CVE-2025-24693-62152153dddb1509f51762e2910bb086.yaml new file mode 100644 index 0000000000..f1341b7259 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24693-62152153dddb1509f51762e2910bb086.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24693-62152153dddb1509f51762e2910bb086 + +info: + name: > + Advanced Notifications <= 1.2.7 - Missing Authorization + author: topscoder + severity: low + description: > + The Advanced Notifications plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc0e9fab-0b8f-419d-a799-06297b24df33?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24693 + metadata: + fofa-query: "wp-content/plugins/advanced-notifications/" + google-query: inurl:"/wp-content/plugins/advanced-notifications/" + shodan-query: 'vuln:CVE-2025-24693' + tags: cve,wordpress,wp-plugin,advanced-notifications,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24695-bd49e2ec0b2c659625508c4941142aeb.yaml b/nuclei-templates/2025/CVE-2025-24695-bd49e2ec0b2c659625508c4941142aeb.yaml new file mode 100644 index 0000000000..3cef618403 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24695-bd49e2ec0b2c659625508c4941142aeb.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24695-bd49e2ec0b2c659625508c4941142aeb + +info: + name: > + Extensions For CF7 <= 3.2.0 - Authenticated (Admin+) Sever-Side Request Forgery + author: topscoder + severity: low + description: > + The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c59a4802-ce4c-4f19-be7a-848862e1d3cf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N + cvss-score: 3.8 + cve-id: CVE-2025-24695 + metadata: + fofa-query: "wp-content/plugins/extensions-for-cf7/" + google-query: inurl:"/wp-content/plugins/extensions-for-cf7/" + shodan-query: 'vuln:CVE-2025-24695' + tags: cve,wordpress,wp-plugin,extensions-for-cf7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extensions-for-cf7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extensions-for-cf7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file 
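Review bot: The `name` field spells the vulnerability class "Sever-Side Request Forgery", while the `description` right below it uses "Server-Side Request Forgery". Reports and searches keyed on the template name will miss this entry when someone looks for SSRF findings by title. The line should read `Extensions For CF7 <= 3.2.0 - Authenticated (Admin+) Server-Side Request Forgery`.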
diff --git a/nuclei-templates/2025/CVE-2025-24696-93f24b27ef711e2feb10d5db326ae9d6.yaml b/nuclei-templates/2025/CVE-2025-24696-93f24b27ef711e2feb10d5db326ae9d6.yaml
new file mode 100644
index 0000000000..0ad7047c7f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24696-93f24b27ef711e2feb10d5db326ae9d6.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24696-93f24b27ef711e2feb10d5db326ae9d6 + +info: + name: > + Attire Blocks <= 1.9.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Attire Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f1932d9-35d3-4d3e-bdbb-c238efda430f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24696 + metadata: + fofa-query: "wp-content/plugins/attire-blocks/" + google-query: inurl:"/wp-content/plugins/attire-blocks/" + shodan-query: 'vuln:CVE-2025-24696' + tags: cve,wordpress,wp-plugin,attire-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/attire-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attire-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24698-82d2532b86f7cb6d6e3da80092b2a9a5.yaml b/nuclei-templates/2025/CVE-2025-24698-82d2532b86f7cb6d6e3da80092b2a9a5.yaml new file mode 100644 index 0000000000..c60ab6101f --- /dev/null 
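Review bot: Nothing in the file tells the reader that a hit is a version inference: the three matchers only establish that `readme.txt` is served, mentions the slug, and carries a `Stable tag` at or below 1.9.6, and no request touches the function the description says lacks nonce validation. The `Stable tag` field can lag behind the installed code or hold a non-numeric value such as `trunk`, in which case `([0-9.]+)` captures nothing and the template presumably stays silent. I would add a comment above `http:` such as `# Version fingerprint only: reads Stable tag from readme.txt; confirm the installed plugin version before triaging`. Every template added in this commit shares these extractors and matchers, so the same comment applies to each.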
+++ b/nuclei-templates/2025/CVE-2025-24698-82d2532b86f7cb6d6e3da80092b2a9a5.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24698-82d2532b86f7cb6d6e3da80092b2a9a5 + +info: + name: > + Essential Real Estate <= 5.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Essential Real Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/822349d3-e712-48f5-949f-a0c720175788?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24698 + metadata: + fofa-query: "wp-content/plugins/essential-real-estate/" + google-query: inurl:"/wp-content/plugins/essential-real-estate/" + shodan-query: 'vuln:CVE-2025-24698' + tags: cve,wordpress,wp-plugin,essential-real-estate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-real-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-real-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.8') \ No newline at end of file 
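Review bot: `redirects: true` with `max-redirects: 3` lets the request follow a redirect to a different host, so the `readme.txt` that the matchers evaluate is not guaranteed to come from the scanned target. A finding would then be attributed to a site that only redirected the request. If the intent is to stay on the target, `host-redirects: true` in place of `redirects: true` keeps the redirect chain on the same host. The other templates added in this commit use the same request block.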
diff --git a/nuclei-templates/2025/CVE-2025-24701-9aa7cb99eae9c0078b90d3f6ec56ee34.yaml b/nuclei-templates/2025/CVE-2025-24701-9aa7cb99eae9c0078b90d3f6ec56ee34.yaml
new file mode 100644
index 0000000000..cb3076074e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24701-9aa7cb99eae9c0078b90d3f6ec56ee34.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24701-9aa7cb99eae9c0078b90d3f6ec56ee34 + +info: + name: > + Chained Quiz <= 1.3.2.9 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + The Chained Quiz plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.2.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49023c6b-a236-42c1-ab24-072fa4a72967?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 5.5 + cve-id: CVE-2025-24701 + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:CVE-2025-24701' + tags: cve,wordpress,wp-plugin,chained-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.9') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24702-a7f743afd79676753d2e8942db4b02ab.yaml b/nuclei-templates/2025/CVE-2025-24702-a7f743afd79676753d2e8942db4b02ab.yaml new file mode 100644 index 0000000000..d61eaf929a --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24702-a7f743afd79676753d2e8942db4b02ab.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24702-a7f743afd79676753d2e8942db4b02ab + +info: + name: > + Xagio SEO <= 7.0.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Xagio SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.0.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2abe953c-dd50-413c-8424-7cd9dbf92d67?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24702 + metadata: + fofa-query: "wp-content/plugins/xagio-seo/" + google-query: inurl:"/wp-content/plugins/xagio-seo/" + shodan-query: 'vuln:CVE-2025-24702' + tags: cve,wordpress,wp-plugin,xagio-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xagio-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xagio-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.0.20') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24703-43ca8b61ac41a0f027fde35cdd168ea6.yaml b/nuclei-templates/2025/CVE-2025-24703-43ca8b61ac41a0f027fde35cdd168ea6.yaml new file mode 100644 index 0000000000..1cf47df126 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24703-43ca8b61ac41a0f027fde35cdd168ea6.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24703-43ca8b61ac41a0f027fde35cdd168ea6 + +info: + name: > + Comment Edit Core – Simple Comment Editing <= 3.0.33 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.33. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bdd1817-7248-48fa-8d2f-00e777bf1257?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 5.5 + cve-id: CVE-2025-24703 + metadata: + fofa-query: "wp-content/plugins/simple-comment-editing/" + google-query: inurl:"/wp-content/plugins/simple-comment-editing/" + shodan-query: 'vuln:CVE-2025-24703' + tags: cve,wordpress,wp-plugin,simple-comment-editing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-comment-editing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-comment-editing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.33') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24704-c3d08c3d9eb851957e4a143e34b97f23.yaml b/nuclei-templates/2025/CVE-2025-24704-c3d08c3d9eb851957e4a143e34b97f23.yaml
new file mode 100644
index 0000000000..4abb55f5cf
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24704-c3d08c3d9eb851957e4a143e34b97f23.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24704-c3d08c3d9eb851957e4a143e34b97f23 + +info: + name: > + Magic the Gathering Card Tooltips <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Magic the Gathering Card Tooltips plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8099c650-96d7-47b6-a81b-83ff663edb6b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24704 + metadata: + fofa-query: "wp-content/plugins/magic-the-gathering-card-tooltips/" + google-query: inurl:"/wp-content/plugins/magic-the-gathering-card-tooltips/" + shodan-query: 'vuln:CVE-2025-24704' + tags: cve,wordpress,wp-plugin,magic-the-gathering-card-tooltips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-the-gathering-card-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-the-gathering-card-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24705-43cf4061f62e2169221d9c596197f33e.yaml b/nuclei-templates/2025/CVE-2025-24705-43cf4061f62e2169221d9c596197f33e.yaml new file mode 100644 index 0000000000..9cce2f3dfc --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24705-43cf4061f62e2169221d9c596197f33e.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24705-43cf4061f62e2169221d9c596197f33e + +info: + name: > + WooCommerce Quick View <= 1.1.1 - Unauthenticated Information Disclosure + author: topscoder + severity: medium + description: > + The WooCommerce Quick View plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/646e75be-716e-4336-80c4-d268e9565c5a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24705 + metadata: + fofa-query: "wp-content/plugins/woo-quick-view/" + google-query: inurl:"/wp-content/plugins/woo-quick-view/" + shodan-query: 'vuln:CVE-2025-24705' + tags: cve,wordpress,wp-plugin,woo-quick-view,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-quick-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-quick-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file 
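Review bot: The file ends without a trailing newline, as the `\ No newline at end of file` marker after the `compare_versions(version, '<= 1.1.1')` line shows, and the other templates added in this commit end the same way. yamllint reports this, and tools that concatenate or append to template files can fuse the last line with whatever follows. Ending each generated file with a single newline would avoid both.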
diff --git a/nuclei-templates/2025/CVE-2025-24706-32c85baf23da4d2a25ab5c800552514e.yaml b/nuclei-templates/2025/CVE-2025-24706-32c85baf23da4d2a25ab5c800552514e.yaml
new file mode 100644
index 0000000000..d5f694506a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24706-32c85baf23da4d2a25ab5c800552514e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24706-32c85baf23da4d2a25ab5c800552514e + +info: + name: > + WC Marketplace <= 4.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WC Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62876268-b019-4717-bb8e-36dc4a5ad489?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24706 + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:CVE-2025-24706' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.13') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24707-fdd3c9115c7feb19d9ac0ec3a9b57157.yaml b/nuclei-templates/2025/CVE-2025-24707-fdd3c9115c7feb19d9ac0ec3a9b57157.yaml new file mode 100644 index 0000000000..9bd73b885a 
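Review bot: The `word` matcher requires the slug `dc-woocommerce-multi-vendor` in the response body, but the plugin's display name is "WC Marketplace", so a readme that never spells out the slug would fail the `and` condition and a vulnerable install would go unreported. The request path already pins the plugin directory, so the body check adds little beyond confirming that the response is a plugin readme. Matching on text the readme format guarantees, for example `- "Stable tag:"`, would serve that purpose without depending on the slug. I have not seen the readme itself, so this is a risk to verify, not a confirmed miss.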
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24707-fdd3c9115c7feb19d9ac0ec3a9b57157.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24707-fdd3c9115c7feb19d9ac0ec3a9b57157 + +info: + name: > + Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.7.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91534af0-74e6-438f-9f28-27ac559b2655?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-24707 + metadata: + fofa-query: "wp-content/plugins/gt3-photo-video-gallery/" + google-query: inurl:"/wp-content/plugins/gt3-photo-video-gallery/" + shodan-query: 'vuln:CVE-2025-24707' + tags: cve,wordpress,wp-plugin,gt3-photo-video-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gt3-photo-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gt3-photo-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7.24') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24708-2417b864f0776970fd3c1c17ae5542f9.yaml b/nuclei-templates/2025/CVE-2025-24708-2417b864f0776970fd3c1c17ae5542f9.yaml
new file mode 100644
index 0000000000..700f154535
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24708-2417b864f0776970fd3c1c17ae5542f9.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24708-2417b864f0776970fd3c1c17ae5542f9 + +info: + name: > + WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec9a771f-bd55-4b64-8bb8-a5f795a7ab5d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-24708 + metadata: + fofa-query: "wp-content/plugins/cf7-dynamics-crm/" + google-query: inurl:"/wp-content/plugins/cf7-dynamics-crm/" + shodan-query: 'vuln:CVE-2025-24708' + tags: cve,wordpress,wp-plugin,cf7-dynamics-crm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-dynamics-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-dynamics-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24709-9924477fa0b30761260b537cb55409c9.yaml b/nuclei-templates/2025/CVE-2025-24709-9924477fa0b30761260b537cb55409c9.yaml
new file mode 100644
index 0000000000..099142e052
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24709-9924477fa0b30761260b537cb55409c9.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24709-9924477fa0b30761260b537cb55409c9 + +info: + name: > + Plethora Plugins Tabs + Accordions <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/808ba7c9-438f-4282-9b37-d56e079b6c2e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24709 + metadata: + fofa-query: "wp-content/plugins/plethora-tabs-accordions/" + google-query: inurl:"/wp-content/plugins/plethora-tabs-accordions/" + shodan-query: 'vuln:CVE-2025-24709' + tags: cve,wordpress,wp-plugin,plethora-tabs-accordions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plethora-tabs-accordions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plethora-tabs-accordions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24710-db9e13cf5e4f6462e9576e1d55a9f1e0.yaml b/nuclei-templates/2025/CVE-2025-24710-db9e13cf5e4f6462e9576e1d55a9f1e0.yaml new file mode 100644 index 0000000000..f82025df41 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24710-db9e13cf5e4f6462e9576e1d55a9f1e0.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24710-db9e13cf5e4f6462e9576e1d55a9f1e0 + +info: + name: > + Gwolle Guestbook <= 4.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Gwolle Guestbook plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4048480-25a8-449f-8edb-a2a8854425ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-24710 + metadata: + fofa-query: "wp-content/plugins/gwolle-gb/" + google-query: inurl:"/wp-content/plugins/gwolle-gb/" + shodan-query: 'vuln:CVE-2025-24710' + tags: cve,wordpress,wp-plugin,gwolle-gb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwolle-gb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwolle-gb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24711-6b2d0ec6531734d3019876dcbf180239.yaml b/nuclei-templates/2025/CVE-2025-24711-6b2d0ec6531734d3019876dcbf180239.yaml new file mode 100644 index 0000000000..2452e8f02d --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24711-6b2d0ec6531734d3019876dcbf180239.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24711-6b2d0ec6531734d3019876dcbf180239 + +info: + name: > + Popup Box <= 3.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84ec28d1-8634-41df-ab1e-b56ed84f2809?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24711 + metadata: + fofa-query: "wp-content/plugins/popup-box/" + google-query: inurl:"/wp-content/plugins/popup-box/" + shodan-query: 'vuln:CVE-2025-24711' + tags: cve,wordpress,wp-plugin,popup-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24712-e2327f18caf427395ba44ea8a4305b7e.yaml b/nuclei-templates/2025/CVE-2025-24712-e2327f18caf427395ba44ea8a4305b7e.yaml
new file mode 100644
index 0000000000..8fc94bc15f
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24712-e2327f18caf427395ba44ea8a4305b7e.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24712-e2327f18caf427395ba44ea8a4305b7e + +info: + name: > + Radius Blocks <= 2.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Radius Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da680b46-620c-4d35-a327-c7ebe08e49c4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24712 + metadata: + fofa-query: "wp-content/plugins/radius-blocks/" + google-query: inurl:"/wp-content/plugins/radius-blocks/" + shodan-query: 'vuln:CVE-2025-24712' + tags: cve,wordpress,wp-plugin,radius-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radius-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radius-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24713-ccc0e2442602eee47bcded7d2bc0b865.yaml b/nuclei-templates/2025/CVE-2025-24713-ccc0e2442602eee47bcded7d2bc0b865.yaml new file mode 100644 index 0000000000..9d4a66d1d0 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24713-ccc0e2442602eee47bcded7d2bc0b865.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24713-ccc0e2442602eee47bcded7d2bc0b865 + +info: + name: > + Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b5952d1-e3ee-430c-a200-0c5bb551a100?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24713 + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:CVE-2025-24713' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24714-9600ea2df00ab3ac12b2c8f6b254cc4f.yaml b/nuclei-templates/2025/CVE-2025-24714-9600ea2df00ab3ac12b2c8f6b254cc4f.yaml
new file mode 100644
index 0000000000..8ed2fbf604
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24714-9600ea2df00ab3ac12b2c8f6b254cc4f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24714-9600ea2df00ab3ac12b2c8f6b254cc4f
+
+info:
+ name: >
+ Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Bubble Menu – circle floating menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/24285f69-6474-4a2d-9c20-af27f1ca98c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24714
+ metadata:
+ fofa-query: "wp-content/plugins/bubble-menu/"
+ google-query: inurl:"/wp-content/plugins/bubble-menu/"
+ shodan-query: 'vuln:CVE-2025-24714'
+ tags: cve,wordpress,wp-plugin,bubble-menu,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bubble-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bubble-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24715-6af52cda78e5b1c4c096f29d073283ef.yaml b/nuclei-templates/2025/CVE-2025-24715-6af52cda78e5b1c4c096f29d073283ef.yaml
new file mode 100644
index 0000000000..c8fa937d8a
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24715-6af52cda78e5b1c4c096f29d073283ef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24715-6af52cda78e5b1c4c096f29d073283ef
+
+info:
+ name: >
+ Counter Box <= 2.0.5 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Counter Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ffb5f8-4a7a-47af-a3db-82c3d70fe8bf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24715
+ metadata:
+ fofa-query: "wp-content/plugins/counter-box/"
+ google-query: inurl:"/wp-content/plugins/counter-box/"
+ shodan-query: 'vuln:CVE-2025-24715'
+ tags: cve,wordpress,wp-plugin,counter-box,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "counter-box"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24716-fb15813de36c6ad788f665b5a415a2a8.yaml b/nuclei-templates/2025/CVE-2025-24716-fb15813de36c6ad788f665b5a415a2a8.yaml
new file mode 100644
index 0000000000..991ea3afc5
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24716-fb15813de36c6ad788f665b5a415a2a8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24716-fb15813de36c6ad788f665b5a415a2a8
+
+info:
+ name: >
+ Herd Effects <= 6.2.1 - Cross-Site Request Forgery to Settings Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Herd Effects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e280530-74de-42d2-bffe-3db24f72636d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24716
+ metadata:
+ fofa-query: "wp-content/plugins/mwp-herd-effect/"
+ google-query: inurl:"/wp-content/plugins/mwp-herd-effect/"
+ shodan-query: 'vuln:CVE-2025-24716'
+ tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mwp-herd-effect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24717-fcfb3a4f9342130fb793561f4e55400e.yaml b/nuclei-templates/2025/CVE-2025-24717-fcfb3a4f9342130fb793561f4e55400e.yaml
new file mode 100644
index 0000000000..ff5214f176
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24717-fcfb3a4f9342130fb793561f4e55400e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24717-fcfb3a4f9342130fb793561f4e55400e
+
+info:
+ name: >
+ Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Ipdate
+ author: topscoder
+ severity: medium
+ description: >
+ The Modal Window plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c43d68-8f6d-486e-8bb3-7de282fe96b3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24717
+ metadata:
+ fofa-query: "wp-content/plugins/modal-window/"
+ google-query: inurl:"/wp-content/plugins/modal-window/"
+ shodan-query: 'vuln:CVE-2025-24717'
+ tags: cve,wordpress,wp-plugin,modal-window,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/modal-window/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "modal-window"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.1.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24718-874ef7b0d0b7bc5dbdcc36b815116fd9.yaml b/nuclei-templates/2025/CVE-2025-24718-874ef7b0d0b7bc5dbdcc36b815116fd9.yaml
new file mode 100644
index 0000000000..444a929b1e
--- /dev/null
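Review bot: The `name` value of the CVE-2025-24717 template ends in "Settings Ipdate", which looks like a typo for "Settings Update" as used by the sibling CSRF templates (CVE-2025-24716, -24720, -24724). Findings are usually grouped and searched by template name, so I would correct it to `Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Update`. The CVE-2025-24726 template has a similar slip, "HT Conctact Form 7", while its slug is `ht-contactform`; if both spellings are copied from the upstream advisory title, a one-line comment saying so would explain why they were kept.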
+++ b/nuclei-templates/2025/CVE-2025-24718-874ef7b0d0b7bc5dbdcc36b815116fd9.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24718-874ef7b0d0b7bc5dbdcc36b815116fd9
+
+info:
+ name: >
+ WP Sessions Time Monitoring Full Automatic <= 1.1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e36b5889-19a3-4ae7-93bd-2ab404fce085?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24718
+ metadata:
+ fofa-query: "wp-content/plugins/activitytime/"
+ google-query: inurl:"/wp-content/plugins/activitytime/"
+ shodan-query: 'vuln:CVE-2025-24718'
+ tags: cve,wordpress,wp-plugin,activitytime,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/activitytime/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "activitytime"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24719-2a23d96ab51676bf1002f256283e4a2e.yaml b/nuclei-templates/2025/CVE-2025-24719-2a23d96ab51676bf1002f256283e4a2e.yaml
new file mode 100644
index 0000000000..46e7518eba
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24719-2a23d96ab51676bf1002f256283e4a2e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24719-2a23d96ab51676bf1002f256283e4a2e
+
+info:
+ name: >
+ Widget Countdown <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7bf63a9-3c99-43fc-a973-d75f2469fb7b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-24719
+ metadata:
+ fofa-query: "wp-content/plugins/widget-countdown/"
+ google-query: inurl:"/wp-content/plugins/widget-countdown/"
+ shodan-query: 'vuln:CVE-2025-24719'
+ tags: cve,wordpress,wp-plugin,widget-countdown,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/widget-countdown/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "widget-countdown"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24720-b6605716e59fe02ba9f760bc7e3507ac.yaml b/nuclei-templates/2025/CVE-2025-24720-b6605716e59fe02ba9f760bc7e3507ac.yaml
new file mode 100644
index 0000000000..47748b2c3e
--- /dev/null
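Review bot: In the CVE-2025-24719 template, `severity: low` and the `low` tag disagree with `cvss-score: 6.4` in the same `info` block, which falls in the CVSS 3.1 Medium band (4.0–6.9). Scans filtered by a severity threshold will skip this template even though the score says otherwise; either set `severity: medium` and `tags: cve,wordpress,wp-plugin,widget-countdown,medium`, or, if authenticated issues are deliberately downgraded, state that rule in a comment next to `severity`. The same mismatch appears in CVE-2025-24721, -24722, -24723, -24725, -24726, -24727, -24728 (an SQL injection scored 6.5 with C:H) and -24729.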
+++ b/nuclei-templates/2025/CVE-2025-24720-b6605716e59fe02ba9f760bc7e3507ac.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24720-b6605716e59fe02ba9f760bc7e3507ac
+
+info:
+ name: >
+ Sticky Buttons <= 4.1.1 - Cross-Site Request Forgery to Settings Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Sticky Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/70dd560c-975c-4c64-a0e0-de856c5bae3a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24720
+ metadata:
+ fofa-query: "wp-content/plugins/sticky-buttons/"
+ google-query: inurl:"/wp-content/plugins/sticky-buttons/"
+ shodan-query: 'vuln:CVE-2025-24720'
+ tags: cve,wordpress,wp-plugin,sticky-buttons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sticky-buttons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sticky-buttons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24721-e6f4b1606bdfd079911c38ead57a3a3d.yaml b/nuclei-templates/2025/CVE-2025-24721-e6f4b1606bdfd079911c38ead57a3a3d.yaml
new file mode 100644
index 0000000000..716caff0c8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24721-e6f4b1606bdfd079911c38ead57a3a3d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24721-e6f4b1606bdfd079911c38ead57a3a3d
+
+info:
+ name: >
+ Easy YouTube Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Easy YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2e3c0e-9ac3-4f6f-b49f-2e50e0fb905f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-24721
+ metadata:
+ fofa-query: "wp-content/plugins/easy-youtube-gallery/"
+ google-query: inurl:"/wp-content/plugins/easy-youtube-gallery/"
+ shodan-query: 'vuln:CVE-2025-24721'
+ tags: cve,wordpress,wp-plugin,easy-youtube-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-youtube-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-youtube-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24722-09b5b421cbbd3ad7a9b884d350d07bbd.yaml b/nuclei-templates/2025/CVE-2025-24722-09b5b421cbbd3ad7a9b884d350d07bbd.yaml
new file mode 100644
index 0000000000..6bc26e2320
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24722-09b5b421cbbd3ad7a9b884d350d07bbd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24722-09b5b421cbbd3ad7a9b884d350d07bbd
+
+info:
+ name: >
+ FAQ Builder AYS <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The FAQ Builder AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/39a3dabb-4c4a-4423-861c-c26c7365185c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-24722
+ metadata:
+ fofa-query: "wp-content/plugins/faq-builder-ays/"
+ google-query: inurl:"/wp-content/plugins/faq-builder-ays/"
+ shodan-query: 'vuln:CVE-2025-24722'
+ tags: cve,wordpress,wp-plugin,faq-builder-ays,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/faq-builder-ays/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "faq-builder-ays"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.3')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24723-f114fa10b0ac7ee337ed2bf5332e8fda.yaml b/nuclei-templates/2025/CVE-2025-24723-f114fa10b0ac7ee337ed2bf5332e8fda.yaml
new file mode 100644
index 0000000000..b4497028c1
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24723-f114fa10b0ac7ee337ed2bf5332e8fda.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24723-f114fa10b0ac7ee337ed2bf5332e8fda
+
+info:
+ name: >
+ Booking Calendar Contact Form <= 1.2.55 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Booking Calendar Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.55 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f891b717-738b-45fd-b355-d407785e3454?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-24723
+ metadata:
+ fofa-query: "wp-content/plugins/booking-calendar-contact-form/"
+ google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/"
+ shodan-query: 'vuln:CVE-2025-24723'
+ tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/booking-calendar-contact-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "booking-calendar-contact-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.55')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24724-f03d42e687d79d1f06adc33e670bf0bf.yaml b/nuclei-templates/2025/CVE-2025-24724-f03d42e687d79d1f06adc33e670bf0bf.yaml
new file mode 100644
index 0000000000..295fa0affe
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24724-f03d42e687d79d1f06adc33e670bf0bf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24724-f03d42e687d79d1f06adc33e670bf0bf
+
+info:
+ name: >
+ Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update
+ author: topscoder
+ severity: medium
+ description: >
+ The Side Menu Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52ab644a-aed8-4690-8cea-a4993bf51ba0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24724
+ metadata:
+ fofa-query: "wp-content/plugins/side-menu-lite/"
+ google-query: inurl:"/wp-content/plugins/side-menu-lite/"
+ shodan-query: 'vuln:CVE-2025-24724'
+ tags: cve,wordpress,wp-plugin,side-menu-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "side-menu-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24725-ccc0e4ca5ec3b3b003947289e9624d5b.yaml b/nuclei-templates/2025/CVE-2025-24725-ccc0e4ca5ec3b3b003947289e9624d5b.yaml
new file mode 100644
index 0000000000..652ded3917
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24725-ccc0e4ca5ec3b3b003947289e9624d5b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24725-ccc0e4ca5ec3b3b003947289e9624d5b
+
+info:
+ name: >
+ Thim Elementor Kit <= 1.2.8 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Thim Elementor Kit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/936c1b74-30ce-4be2-bb31-566fb557597e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24725
+ metadata:
+ fofa-query: "wp-content/plugins/thim-elementor-kit/"
+ google-query: inurl:"/wp-content/plugins/thim-elementor-kit/"
+ shodan-query: 'vuln:CVE-2025-24725'
+ tags: cve,wordpress,wp-plugin,thim-elementor-kit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/thim-elementor-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "thim-elementor-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.8')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24726-0944be184c21a1fc67ad0130c4983d32.yaml b/nuclei-templates/2025/CVE-2025-24726-0944be184c21a1fc67ad0130c4983d32.yaml
new file mode 100644
index 0000000000..2935d57cab
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24726-0944be184c21a1fc67ad0130c4983d32.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24726-0944be184c21a1fc67ad0130c4983d32
+
+info:
+ name: >
+ HT Conctact Form 7 <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The HT Conctact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eccad28f-f55f-4c7e-a163-3b2015e7e50b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2025-24726
+ metadata:
+ fofa-query: "wp-content/plugins/ht-contactform/"
+ google-query: inurl:"/wp-content/plugins/ht-contactform/"
+ shodan-query: 'vuln:CVE-2025-24726'
+ tags: cve,wordpress,wp-plugin,ht-contactform,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ht-contactform/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ht-contactform"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24727-069f9abb0aff61a153f22dc9437fe515.yaml b/nuclei-templates/2025/CVE-2025-24727-069f9abb0aff61a153f22dc9437fe515.yaml
new file mode 100644
index 0000000000..46cc264a56
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24727-069f9abb0aff61a153f22dc9437fe515.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24727-069f9abb0aff61a153f22dc9437fe515
+
+info:
+ name: >
+ Contact Form Email <= 1.3.52 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Contact Form Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.52 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a331934-3bf2-4406-bc45-a897a3da5d90?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2025-24727
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-to-email/"
+ google-query: inurl:"/wp-content/plugins/contact-form-to-email/"
+ shodan-query: 'vuln:CVE-2025-24727'
+ tags: cve,wordpress,wp-plugin,contact-form-to-email,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-to-email"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.52')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24728-61cbe0c94cab5e0e5914b90ec85cc18c.yaml b/nuclei-templates/2025/CVE-2025-24728-61cbe0c94cab5e0e5914b90ec85cc18c.yaml
new file mode 100644
index 0000000000..75b41cbd7e
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24728-61cbe0c94cab5e0e5914b90ec85cc18c.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24728-61cbe0c94cab5e0e5914b90ec85cc18c + +info: + name: > + Bug Library <= 2.1.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The Bug Library plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b052b334-751e-4d70-9713-0c214cf932c2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2025-24728 + metadata: + fofa-query: "wp-content/plugins/bug-library/" + google-query: inurl:"/wp-content/plugins/bug-library/" + shodan-query: 'vuln:CVE-2025-24728' + tags: cve,wordpress,wp-plugin,bug-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bug-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bug-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24729-6b4ff485a4c2461d44194f207ba5d089.yaml b/nuclei-templates/2025/CVE-2025-24729-6b4ff485a4c2461d44194f207ba5d089.yaml new file mode 100644 index 0000000000..1d47a3e54c --- /dev/null 
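Review bot: The two `extractors` entries in this file are identical apart from `internal: true` on the first, and nothing in the file says why both exist. A short comment above each would stop a later maintainer from deleting one as a duplicate, for example `# internal: feeds the version variable to the dsl matcher` and `# non-internal: prints the detected version in the result`. That reading follows nuclei's documented meaning of `internal`; confirm it matches the intent here. The same pair appears in every template added by this diff.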
+++ b/nuclei-templates/2025/CVE-2025-24729-6b4ff485a4c2461d44194f207ba5d089.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24729-6b4ff485a4c2461d44194f207ba5d089 + +info: + name: > + ElementInvader Addons for Elementor <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/405590c7-2ad2-4a04-b1e2-bb1ad6da8dde?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24729 + metadata: + fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/" + shodan-query: 'vuln:CVE-2025-24729' + tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementinvader-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file 
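Review bot: `redirects: true` with `max-redirects: 3` lets the request for `readme.txt` follow a redirect to a different host, so the status, word and version checks can end up evaluating a response that did not come from the scanned target. Restricting redirects to the same host avoids attributing a third party's plugin version to the target: replace `redirects: true` with `host-redirects: true` and keep `max-redirects: 3`. The same request block is used by the other templates in this diff.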
diff --git a/nuclei-templates/2025/CVE-2025-24730-05102ae20176b5cb5391ab3f4946d544.yaml b/nuclei-templates/2025/CVE-2025-24730-05102ae20176b5cb5391ab3f4946d544.yaml new file mode 100644 index 0000000000..5427891012 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24730-05102ae20176b5cb5391ab3f4946d544.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24730-05102ae20176b5cb5391ab3f4946d544 + +info: + name: > + WP VR <= 8.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The WP VR plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.5.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/593202db-9900-4ffc-9062-24f1906c1a57?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24730 + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:CVE-2025-24730' + tags: cve,wordpress,wp-plugin,wpvr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.14') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24731-15efd2c3b346f785247d1659aafc66f2.yaml b/nuclei-templates/2025/CVE-2025-24731-15efd2c3b346f785247d1659aafc66f2.yaml new file mode 100644 index 0000000000..414425da65 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24731-15efd2c3b346f785247d1659aafc66f2.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24731-15efd2c3b346f785247d1659aafc66f2 + +info: + name: > + Download IP2Location Country Blocker <= 2.38.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Download IP2Location Country Blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.38.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85c40853-c100-4c5a-a93a-f27b199dba2d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2025-24731 + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:CVE-2025-24731' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.38.3') \ No newline at end of file 
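Review bot: `name: >` and `description: >` use the clipping folded style, which leaves a trailing newline in both values, so unless the consumer trims it the template name carries a line break into any report or log line that prints it. `name: >-` and `description: >-` strip it without changing the text. The file also ends without a final newline (the `\ No newline at end of file` marker); adding one keeps later diffs of the last `dsl` line clean. Both points apply to every template added in this diff.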
diff --git a/nuclei-templates/2025/CVE-2025-24732-a49eba549f8fb4190ae58de80696c16c.yaml b/nuclei-templates/2025/CVE-2025-24732-a49eba549f8fb4190ae58de80696c16c.yaml new file mode 100644 index 0000000000..4f0972f464 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24732-a49eba549f8fb4190ae58de80696c16c.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24732-a49eba549f8fb4190ae58de80696c16c + +info: + name: > + BookingPress <= 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The BookingPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8e2305f-40ce-4278-a4ea-ddbeb8806777?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24732 + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:CVE-2025-24732' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.25') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24733-6083fed7b881df5b3048a5fd140638a7.yaml b/nuclei-templates/2025/CVE-2025-24733-6083fed7b881df5b3048a5fd140638a7.yaml new file mode 100644 index 0000000000..404d7428c9 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24733-6083fed7b881df5b3048a5fd140638a7.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24733-6083fed7b881df5b3048a5fd140638a7 + +info: + name: > + Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + The Post Grid Master plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.4.12. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ea48b4-b4ef-40e2-ade9-8bf44147e8c7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2025-24733 + metadata: + fofa-query: "wp-content/plugins/ajax-filter-posts/" + google-query: inurl:"/wp-content/plugins/ajax-filter-posts/" + shodan-query: 'vuln:CVE-2025-24733' + tags: cve,wordpress,wp-plugin,ajax-filter-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-filter-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-filter-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.12') \ No newline at end of file 
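Review bot: The `word` matcher requires the directory slug `ajax-filter-posts` in the body of `readme.txt`, while the plugin's display name given in this file is Post Grid Master; if the readme never spells out its slug, the `and` condition fails and a vulnerable install goes unreported, which matters for a finding scored 8.8. Whether the shipped readme contains the slug cannot be checked from this hunk, so it is worth verifying against a real copy. A comment such as `# slug must appear in readme.txt body; verify after plugin renames` above the matcher would record the assumption, and the same check applies to the other renamed plugins in this diff (`wp-google-maps`, `google-analytics-dashboard-for-wp`). Separately, a readme with a non-numeric stable tag would not match `([0-9.]+)`, so the template stays silent there as well.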
diff --git a/nuclei-templates/2025/CVE-2025-24736-349233e515f35f962e406b3d54b26e8f.yaml b/nuclei-templates/2025/CVE-2025-24736-349233e515f35f962e406b3d54b26e8f.yaml new file mode 100644 index 0000000000..d1bd9a21ee --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24736-349233e515f35f962e406b3d54b26e8f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24736-349233e515f35f962e406b3d54b26e8f + +info: + name: > + Post Duplicator <= 2.35 - Missing Authorization + author: topscoder + severity: low + description: > + The Post Duplicator plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.35. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/985dfe25-4860-477a-bd85-5bf3375b86db?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24736 + metadata: + fofa-query: "wp-content/plugins/post-duplicator/" + google-query: inurl:"/wp-content/plugins/post-duplicator/" + shodan-query: 'vuln:CVE-2025-24736' + tags: cve,wordpress,wp-plugin,post-duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.35') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24738-c54025f15f3d8d2f4016c3def32af090.yaml b/nuclei-templates/2025/CVE-2025-24738-c54025f15f3d8d2f4016c3def32af090.yaml new file mode 100644 index 0000000000..186b3e6278 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24738-c54025f15f3d8d2f4016c3def32af090.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24738-c54025f15f3d8d2f4016c3def32af090 + +info: + name: > + Call Now Button <= 1.4.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.13. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/896d69ff-ec05-4811-a959-84f632b4b915?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24738 + metadata: + fofa-query: "wp-content/plugins/call-now-button/" + google-query: inurl:"/wp-content/plugins/call-now-button/" + shodan-query: 'vuln:CVE-2025-24738' + tags: cve,wordpress,wp-plugin,call-now-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/call-now-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "call-now-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.13') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24739-433ed98dfc9df1f1ca498dbbcb9ff71c.yaml b/nuclei-templates/2025/CVE-2025-24739-433ed98dfc9df1f1ca498dbbcb9ff71c.yaml new file mode 100644 index 0000000000..8d23984008 --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24739-433ed98dfc9df1f1ca498dbbcb9ff71c.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24739-433ed98dfc9df1f1ca498dbbcb9ff71c + +info: + name: > + FluentSMTP <= 2.2.80 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The FluentSMTP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.80. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33a801ab-b86f-42b3-bb79-dad64617a56a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24739 + metadata: + fofa-query: "wp-content/plugins/fluent-smtp/" + google-query: inurl:"/wp-content/plugins/fluent-smtp/" + shodan-query: 'vuln:CVE-2025-24739' + tags: cve,wordpress,wp-plugin,fluent-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.80') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24740-e1e275a296910fcd52b24e439f0d9d36.yaml b/nuclei-templates/2025/CVE-2025-24740-e1e275a296910fcd52b24e439f0d9d36.yaml new file mode 100644 index 0000000000..44738d7f8d 
--- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24740-e1e275a296910fcd52b24e439f0d9d36.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24740-e1e275a296910fcd52b24e439f0d9d36 + +info: + name: > + LearnPress <= 4.2.7.1 - Authenticated (Subscriber+) Open Redirect + author: topscoder + severity: low + description: > + The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.2.7.1. This is due to insufficient validation on a redirect url supplied. This makes it possible for authenticated attackers, with subscriber-level access and above, to redirect users to potentially malicious sites if they can successfully trick them into performing an action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1702bdd-1409-42f7-b7b8-cfd44505ecd6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2025-24740 + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:CVE-2025-24740' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.7.1') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24741-ce88bff75af8309ad7e759b194420733.yaml b/nuclei-templates/2025/CVE-2025-24741-ce88bff75af8309ad7e759b194420733.yaml new file mode 100644 index 0000000000..98531d4db0 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24741-ce88bff75af8309ad7e759b194420733.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24741-ce88bff75af8309ad7e759b194420733 + +info: + name: > + KB Support <= 1.6.7 - Unauthenticated Open Redirect + author: topscoder + severity: medium + description: > + The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6.7. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe679ff6-6ade-48fa-8699-6a96da49f8c8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2025-24741 + metadata: + fofa-query: "wp-content/plugins/kb-support/" + google-query: inurl:"/wp-content/plugins/kb-support/" + shodan-query: 'vuln:CVE-2025-24741' + tags: cve,wordpress,wp-plugin,kb-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24742-59076c6314967a7b2625b437b823934f.yaml b/nuclei-templates/2025/CVE-2025-24742-59076c6314967a7b2625b437b823934f.yaml new file mode 100644 index 0000000000..a793d498ab --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24742-59076c6314967a7b2625b437b823934f.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24742-59076c6314967a7b2625b437b823934f + +info: + name: > + WP Go Maps <= 9.0.40 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The WP Go Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.0.40. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43d01824-507d-4d26-af88-9ea5b4c1b108?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24742 + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:CVE-2025-24742' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.40') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24743-86e02c48a3dae7b792dcfa0474294423.yaml b/nuclei-templates/2025/CVE-2025-24743-86e02c48a3dae7b792dcfa0474294423.yaml new file mode 100644 index 0000000000..32d4053927 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24743-86e02c48a3dae7b792dcfa0474294423.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24743-86e02c48a3dae7b792dcfa0474294423 + +info: + name: > + RomethemeKit For Elementor <= 1.5.2 - Missing Authorization + author: topscoder + severity: low + description: > + The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00d8124a-3bbc-42a0-afe1-e8e2dd9123fd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24743 + metadata: + fofa-query: "wp-content/plugins/rometheme-for-elementor/" + google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/" + shodan-query: 'vuln:CVE-2025-24743' + tags: cve,wordpress,wp-plugin,rometheme-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rometheme-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rometheme-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24744-c12bee40bb3effc0d9d627c9d26121ca.yaml b/nuclei-templates/2025/CVE-2025-24744-c12bee40bb3effc0d9d627c9d26121ca.yaml new file mode 100644 index 0000000000..fb0e45fad7 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24744-c12bee40bb3effc0d9d627c9d26121ca.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24744-c12bee40bb3effc0d9d627c9d26121ca + +info: + name: > + Bridge Core <= 3.3 - Missing Authorization + author: topscoder + severity: low + description: > + The Bridge Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb5a65a-313f-44b3-9a79-7fae1207e8e2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2025-24744 + metadata: + fofa-query: "wp-content/plugins/bridge-core/" + google-query: inurl:"/wp-content/plugins/bridge-core/" + shodan-query: 'vuln:CVE-2025-24744' + tags: cve,wordpress,wp-plugin,bridge-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bridge-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bridge-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24746-dc46fcfa3e7d3ab91eca263d8cd2addc.yaml b/nuclei-templates/2025/CVE-2025-24746-dc46fcfa3e7d3ab91eca263d8cd2addc.yaml new file mode 100644 index 0000000000..c9a6d32142 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24746-dc46fcfa3e7d3ab91eca263d8cd2addc.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2025-24746-dc46fcfa3e7d3ab91eca263d8cd2addc + +info: + name: > + Popup Maker <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e50ef794-f551-4743-91b6-79509e9acf01?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24746 + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:CVE-2025-24746' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.2') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24748-dd3e44c2d440459e103ff0415426f1b4.yaml b/nuclei-templates/2025/CVE-2025-24748-dd3e44c2d440459e103ff0415426f1b4.yaml new file mode 100644 index 0000000000..313125e8ac --- /dev/null 
+++ b/nuclei-templates/2025/CVE-2025-24748-dd3e44c2d440459e103ff0415426f1b4.yaml @@ -0,0 +1,59 @@ +id: CVE-2025-24748-dd3e44c2d440459e103ff0415426f1b4 + +info: + name: > + Avada <= 7.11.10 - Missing Authorization + author: topscoder + severity: high + description: > + The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.11.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7b25126-9db4-488a-aa47-2f903b0b9fdf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2025-24748 + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:CVE-2025-24748' + tags: cve,wordpress,wp-theme,Avada,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.10') \ No newline at end of file diff --git a/nuclei-templates/2025/CVE-2025-24750-43d3040449d57c70883dbfc257b7e6b6.yaml b/nuclei-templates/2025/CVE-2025-24750-43d3040449d57c70883dbfc257b7e6b6.yaml new file mode 100644 index 0000000000..ce1ff90d68 --- /dev/null +++ b/nuclei-templates/2025/CVE-2025-24750-43d3040449d57c70883dbfc257b7e6b6.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2025-24750-43d3040449d57c70883dbfc257b7e6b6
+
+info:
+ name: >
+ ExactMetrics <= 8.1.0 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 8.1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7b239b1-c234-40d0-a4bc-f2db54937494?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24750
+ metadata:
+ fofa-query: "wp-content/plugins/google-analytics-dashboard-for-wp/"
+ google-query: inurl:"/wp-content/plugins/google-analytics-dashboard-for-wp/"
+ shodan-query: 'vuln:CVE-2025-24750'
+ tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/google-analytics-dashboard-for-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "google-analytics-dashboard-for-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24751-fa573ed28f7d96d840bd3c128c534a5d.yaml b/nuclei-templates/2025/CVE-2025-24751-fa573ed28f7d96d840bd3c128c534a5d.yaml
new file mode 100644
index 0000000000..3767bf885b
--- /dev/null
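Review bot: Nothing in the template says that the result is inferred from the `Stable tag` line of `readme.txt` and never exercises the missing capability check, so a match means "a version at or below 8.1.0 is advertised", not "confirmed vulnerable". I would add a comment above `http:` such as `# Version check only: compares the readme.txt Stable tag with 8.1.0; confirm the installed version before acting on a match.` The regex `([0-9.]+)` also extracts nothing when the tag is non-numeric (for example `trunk`), in which case the `dsl` matcher presumably cannot evaluate and the template stays silent; that is worth stating in the same comment. This applies equally to the other readme-based and style.css-based templates added in this commit.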
+++ b/nuclei-templates/2025/CVE-2025-24751-fa573ed28f7d96d840bd3c128c534a5d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24751-fa573ed28f7d96d840bd3c128c534a5d
+
+info:
+ name: >
+ CoBlocks <= 3.1.13 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9699970f-76a4-4f10-9836-4e46ac8d6914?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24751
+ metadata:
+ fofa-query: "wp-content/plugins/coblocks/"
+ google-query: inurl:"/wp-content/plugins/coblocks/"
+ shodan-query: 'vuln:CVE-2025-24751'
+ tags: cve,wordpress,wp-plugin,coblocks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/coblocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "coblocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.13')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24753-85b8dd429f77037c8cfa0dc19eda48e0.yaml b/nuclei-templates/2025/CVE-2025-24753-85b8dd429f77037c8cfa0dc19eda48e0.yaml
new file mode 100644
index 0000000000..47e148b1ca
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24753-85b8dd429f77037c8cfa0dc19eda48e0.yaml
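Review bot: The two entries under `extractors` are identical except for `internal: true`, and nothing in the file says why both exist. A short comment on each would spare the next reader the question, for example `# internal: supplies the version variable used by the dsl matcher` on the first and `# reported: prints the extracted version in the result` on the second; that reading of the pair is my inference from the `dsl` line and should be confirmed. Every new template in this commit repeats the pair, so the same comments would apply there.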
@@ -0,0 +1,59 @@
+id: CVE-2025-24753-85b8dd429f77037c8cfa0dc19eda48e0
+
+info:
+ name: >
+ Gutenberg Blocks by Kadence Blocks <= 3.3.1 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f51ef6-2207-4e91-9182-48c6babe178b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24753
+ metadata:
+ fofa-query: "wp-content/plugins/kadence-blocks/"
+ google-query: inurl:"/wp-content/plugins/kadence-blocks/"
+ shodan-query: 'vuln:CVE-2025-24753'
+ tags: cve,wordpress,wp-plugin,kadence-blocks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kadence-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24754-36571f21c432bacb8f03457f6c59654c.yaml b/nuclei-templates/2025/CVE-2025-24754-36571f21c432bacb8f03457f6c59654c.yaml
new file mode 100644
index 0000000000..f00b9ba25c
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24754-36571f21c432bacb8f03457f6c59654c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24754-36571f21c432bacb8f03457f6c59654c
+
+info:
+ name: >
+ Houzez <= 3.4.0 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Houzez theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/56583dca-bd63-466d-a16a-be7b19b2487e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2025-24754
+ metadata:
+ fofa-query: "wp-content/themes/houzez/"
+ google-query: inurl:"/wp-content/themes/houzez/"
+ shodan-query: 'vuln:CVE-2025-24754'
+ tags: cve,wordpress,wp-theme,houzez,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/houzez/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "houzez"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24755-4fa49388a4d58fbef66e1ce3de45f68a.yaml b/nuclei-templates/2025/CVE-2025-24755-4fa49388a4d58fbef66e1ce3de45f68a.yaml
new file mode 100644
index 0000000000..8973849065
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24755-4fa49388a4d58fbef66e1ce3de45f68a.yaml
@@ -0,0 +1,59 @@ +id: CVE-2025-24755-4fa49388a4d58fbef66e1ce3de45f68a + +info: + name: > + PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The PDF Invoices for WooCommerce + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf68401a-0a79-43f0-adee-fd0594d5dee0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2025-24755 + metadata: + fofa-query: "wp-content/plugins/pdf-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pdf-for-woocommerce/" + shodan-query: 'vuln:CVE-2025-24755' + tags: cve,wordpress,wp-plugin,pdf-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file 
diff --git a/nuclei-templates/2025/CVE-2025-24756-c02832d5bf484e04aea8c68c9f26847d.yaml b/nuclei-templates/2025/CVE-2025-24756-c02832d5bf484e04aea8c68c9f26847d.yaml
new file mode 100644
index 0000000000..c880211621
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24756-c02832d5bf484e04aea8c68c9f26847d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24756-c02832d5bf484e04aea8c68c9f26847d
+
+info:
+ name: >
+ Roi Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Roi Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2427236-f8cf-4fbf-8461-77bb75638a0a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24756
+ metadata:
+ fofa-query: "wp-content/plugins/roi-calculator/"
+ google-query: inurl:"/wp-content/plugins/roi-calculator/"
+ shodan-query: 'vuln:CVE-2025-24756'
+ tags: cve,wordpress,wp-plugin,roi-calculator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/roi-calculator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "roi-calculator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24757-7bfd629097fc9bf4ab2f32c70c57cddf.yaml b/nuclei-templates/2025/CVE-2025-24757-7bfd629097fc9bf4ab2f32c70c57cddf.yaml
new file mode 100644
index 0000000000..ca73728a19
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24757-7bfd629097fc9bf4ab2f32c70c57cddf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24757-7bfd629097fc9bf4ab2f32c70c57cddf
+
+info:
+ name: >
+ uDesign <= 4.11.2 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The udesign theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.11.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/029b4554-518e-484e-9e3a-7275a5fe1f17?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2025-24757
+ metadata:
+ fofa-query: "wp-content/themes/udesign/"
+ google-query: inurl:"/wp-content/themes/udesign/"
+ shodan-query: 'vuln:CVE-2025-24757'
+ tags: cve,wordpress,wp-theme,udesign,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/udesign/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "udesign"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.11.2')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24781-8a988f39f86c683a35fa9d897274d41c.yaml b/nuclei-templates/2025/CVE-2025-24781-8a988f39f86c683a35fa9d897274d41c.yaml
new file mode 100644
index 0000000000..fd319da54d
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24781-8a988f39f86c683a35fa9d897274d41c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24781-8a988f39f86c683a35fa9d897274d41c
+
+info:
+ name: >
+ WPJobBoard <= 5.10.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WPJobBoard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/91de3a32-236e-441d-b648-56cd69257c5f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2025-24781
+ metadata:
+ fofa-query: "wp-content/plugins/wpjobboard/"
+ google-query: inurl:"/wp-content/plugins/wpjobboard/"
+ shodan-query: 'vuln:CVE-2025-24781'
+ tags: cve,wordpress,wp-plugin,wpjobboard,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpjobboard/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpjobboard"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.10.1')
\ No newline at end of file
diff --git a/nuclei-templates/2025/CVE-2025-24782-71e184c2543ed8b615459d6920d74980.yaml b/nuclei-templates/2025/CVE-2025-24782-71e184c2543ed8b615459d6920d74980.yaml
new file mode 100644
index 0000000000..93242f2eb8
--- /dev/null
+++ b/nuclei-templates/2025/CVE-2025-24782-71e184c2543ed8b615459d6920d74980.yaml
@@ -0,0 +1,59 @@
+id: CVE-2025-24782-71e184c2543ed8b615459d6920d74980
+
+info:
+ name: >
+ Post Grid, Slider & Carousel Ultimate <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6.10. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea3e243-8deb-4fd7-a5db-a7a1294373b7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2025-24782
+ metadata:
+ fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/"
+ google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/"
+ shodan-query: 'vuln:CVE-2025-24782'
+ tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-grid-carousel-ultimate/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-grid-carousel-ultimate"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.10')
\ No newline at end of file
diff --git a/nuclei-templates/cve-less/plugins/agency-toolkit-c4d0da08ce2ccde8e115ab3f856365e3.yaml b/nuclei-templates/cve-less/plugins/agency-toolkit-c4d0da08ce2ccde8e115ab3f856365e3.yaml index 61562b6e3d..e6398f949e 100644 --- a/nuclei-templates/cve-less/plugins/agency-toolkit-c4d0da08ce2ccde8e115ab3f856365e3.yaml +++ b/nuclei-templates/cve-less/plugins/agency-toolkit-c4d0da08ce2ccde8e115ab3f856365e3.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The Agency Toolkit plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'agency_toolkit_import' action in all versions up to, and including, 1.0.23. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. + The Agency Toolkit plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'agency_toolkit_import' action in all versions up to, and including, 1.0.23. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. CVE-2024-56066 is a duplicate of this. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cdb47-205a-4c03-a8a9-f39d1b4fc769?source=api-prod 
diff --git a/nuclei-templates/cve-less/plugins/ap-twig-bridge-b7de650c05254b194a03adb0bbb4b850.yaml b/nuclei-templates/cve-less/plugins/ap-twig-bridge-b7de650c05254b194a03adb0bbb4b850.yaml
new file mode 100644
index 0000000000..b03f34b294
--- /dev/null
+++ b/nuclei-templates/cve-less/plugins/ap-twig-bridge-b7de650c05254b194a03adb0bbb4b850.yaml
@@ -0,0 +1,59 @@
+id: ap-twig-bridge-b7de650c05254b194a03adb0bbb4b850
+
+info:
+ name: >
+ Twigify <= 1.1.2 & AP Twig Bridge <= 1.0 & Content Template Engine <= 0.9.4 - Running Vulnerable Twig Package
+ author: topscoder
+ severity: high
+ description: >
+ The Twigify plugin for WordPress is running a vulnerable version of Twig (1.16.3) in all versions up to, and including, 1.1.2, the AP Twig Bridge plugin for WordPress is running a vulnerable version of Twig (1.5.0) in all versions up to, and including, 1.0, and the Content Template Engine plugin for WordPress is running a vulnerable version of Twig (1.22.3) in all versions up to, and including, 0.9.4. This version of Twig contains many security vulnerabilities, though none have been confirmed exploitable in the Twigify or AP Twig Bridge plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b78826-b256-4612-a830-d44a9bc97541?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 7.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ap-twig-bridge/"
+ google-query: inurl:"/wp-content/plugins/ap-twig-bridge/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ap-twig-bridge,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ap-twig-bridge/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ap-twig-bridge"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
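Review bot: This template has no CVE, yet it carries `cve-id:` with an empty value, `shodan-query: 'vuln:'` with nothing after the colon, and `cve` as the first entry of `tags`. The empty key loads as null rather than as an absent field, the Shodan query names no vulnerability, and the tag pulls the template into any run that selects `-tags cve`. I would drop the `cve-id` and `shodan-query` lines and write `tags: wordpress,wp-plugin,ap-twig-bridge,high`. The other new files under `cve-less/` in this commit (content-template-engine, eid-easy-qualified-electonic-signature, wc-category-showcase) have the same three lines.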
diff --git a/nuclei-templates/cve-less/plugins/content-template-engine-b7de650c05254b194a03adb0bbb4b850.yaml b/nuclei-templates/cve-less/plugins/content-template-engine-b7de650c05254b194a03adb0bbb4b850.yaml
new file mode 100644
index 0000000000..101ea2cbb6
--- /dev/null
+++ b/nuclei-templates/cve-less/plugins/content-template-engine-b7de650c05254b194a03adb0bbb4b850.yaml
@@ -0,0 +1,59 @@
+id: content-template-engine-b7de650c05254b194a03adb0bbb4b850
+
+info:
+ name: >
+ Twigify <= 1.1.2 & AP Twig Bridge <= 1.0 & Content Template Engine <= 0.9.4 - Running Vulnerable Twig Package
+ author: topscoder
+ severity: high
+ description: >
+ The Twigify plugin for WordPress is running a vulnerable version of Twig (1.16.3) in all versions up to, and including, 1.1.2, the AP Twig Bridge plugin for WordPress is running a vulnerable version of Twig (1.5.0) in all versions up to, and including, 1.0, and the Content Template Engine plugin for WordPress is running a vulnerable version of Twig (1.22.3) in all versions up to, and including, 0.9.4. This version of Twig contains many security vulnerabilities, though none have been confirmed exploitable in the Twigify or AP Twig Bridge plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b78826-b256-4612-a830-d44a9bc97541?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 7.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/content-template-engine/"
+ google-query: inurl:"/wp-content/plugins/content-template-engine/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,content-template-engine,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/content-template-engine/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "content-template-engine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.9.4')
\ No newline at end of file
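Review bot: The `description` closes with "none have been confirmed exploitable in the Twigify or AP Twig Bridge plugins", which leaves the plugin this file actually checks, Content Template Engine, unaddressed while the template reports `severity: high`. A comment above `description:` would make the gap explicit to whoever triages the finding, for example `# Advisory text does not state whether the bundled Twig 1.22.3 is reachable through this plugin; treat a match as an outdated-dependency signal.` The shared title listing all three plugins also means the finding name does not say which plugin matched; only the `id` and the word matcher do.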
diff --git a/nuclei-templates/cve-less/plugins/eid-easy-qualified-electonic-signature-8b5481747ff85f1f4ed93a030334d23b.yaml b/nuclei-templates/cve-less/plugins/eid-easy-qualified-electonic-signature-8b5481747ff85f1f4ed93a030334d23b.yaml
new file mode 100644
index 0000000000..648ff12262
--- /dev/null
+++ b/nuclei-templates/cve-less/plugins/eid-easy-qualified-electonic-signature-8b5481747ff85f1f4ed93a030334d23b.yaml
@@ -0,0 +1,59 @@ +id: eid-easy-qualified-electonic-signature-8b5481747ff85f1f4ed93a030334d23b + +info: + name: > + Various Plugins <= Various Version - Use of Polyfill.io + author: topscoder + severity: medium + description: > + Multiple plugins for WordPress are vulnerable to malicious redirection in various versions. This is due to the use of Polyfill.io. Polyfill.io is a JavaScript library used to streamline delivery of content across older browsers and was taken over by malicious threat actors that used the service to redirect victims to malicious websites. While many WordPress plugins utilize Polyfill.io, not all of them may have been delivering malicious content. Regardless, it is recommended to update to a version of the plugin where Polyfill is no longer used or manually remove the use of Polyfill.io from the plugin. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/379a5016-3968-4b28-8d6e-0f517e419016?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: + metadata: + fofa-query: "wp-content/plugins/eid-easy-qualified-electonic-signature/" + google-query: inurl:"/wp-content/plugins/eid-easy-qualified-electonic-signature/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eid-easy-qualified-electonic-signature,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eid-easy-qualified-electonic-signature/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eid-easy-qualified-electonic-signature" + part: body + + - type: dsl + dsl: + - compare_versions(version, 
'<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-registration-46cbfbe299d8429cfe4f2478288f8f02.yaml b/nuclei-templates/cve-less/plugins/event-registration-46cbfbe299d8429cfe4f2478288f8f02.yaml index 20e463a11a..e701bc7f4b 100644 --- a/nuclei-templates/cve-less/plugins/event-registration-46cbfbe299d8429cfe4f2478288f8f02.yaml +++ b/nuclei-templates/cve-less/plugins/event-registration-46cbfbe299d8429cfe4f2478288f8f02.yaml @@ -2,11 +2,11 @@ id: event-registration-46cbfbe299d8429cfe4f2478288f8f02 info: name: > - Event Registration <= 6.02.02 - Stored Cross-Site Scripting + Event Registration <= 6.02.02 - Unauthenticated Stored Cross-Site Scripting author: topscoder severity: high description: > - The Event Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attendees first and last name parameters in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping. This makes it possible for [authentication-level] attackers [inject user-level requirements if available and authentication is required] to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The Event Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attendees first and last name parameters in versions up to, and including, 6.02.02 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/adb87ef2-8741-4144-b414-56e82dd35c89?source=api-prod 
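Review bot: The `name` value `Various Plugins <= Various Version - Use of Polyfill.io` in the new eid-easy-qualified-electonic-signature template identifies neither the plugin nor the version the file checks, so a finding cannot be triaged from its title. Since the matcher is `compare_versions(version, '<= 3.3.0')` against that plugin's `readme.txt`, a title such as `eid-easy-qualified-electonic-signature <= 3.3.0 - Use of Polyfill.io` would say what was detected. The check is also version-only: it does not look for a Polyfill.io script reference in served pages, which is what the description is about, and a comment above `http:` stating that would help, e.g. `# Version check only; does not verify that a Polyfill.io script is still referenced.`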
diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-711a6dfe1f10a1b36d2e4ce6b5c4cc5a.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-711a6dfe1f10a1b36d2e4ce6b5c4cc5a.yaml index c7119616ff..9cfabb33f4 100644 --- a/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-711a6dfe1f10a1b36d2e4ce6b5c4cc5a.yaml +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-voting-711a6dfe1f10a1b36d2e4ce6b5c4cc5a.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: low description: > - The NextGEN Gallery Voting plugin for WordPress is vulnerable to SQL Injection via the 'nggv[limit]' parameter in versions up to, and including, [up to affected version] due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + The NextGEN Gallery Voting plugin for WordPress is vulnerable to SQL Injection via the 'nggv[limit]' parameter in versions up to, and including, 2.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/25f277f3-8b94-4ea2-ba84-885257690b18?source=api-prod diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-7f8698cfbd40f2e048a3bdc4246969cb.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-7f8698cfbd40f2e048a3bdc4246969cb.yaml index 42f442e0e7..d9edabf0b5 100644 
--- a/nuclei-templates/cve-less/plugins/paid-memberships-pro-7f8698cfbd40f2e048a3bdc4246969cb.yaml +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-7f8698cfbd40f2e048a3bdc4246969cb.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6c5e3f8-ebbd-4cc3-b9b1-3f1704e3c07a?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: metadata: fofa-query: "wp-content/plugins/paid-memberships-pro/" diff --git a/nuclei-templates/cve-less/plugins/polldaddy-cdbe9e03d1e4243d05e687c7344006bb.yaml b/nuclei-templates/cve-less/plugins/polldaddy-cdbe9e03d1e4243d05e687c7344006bb.yaml index 07ac041ad9..ab7334872c 100644 --- a/nuclei-templates/cve-less/plugins/polldaddy-cdbe9e03d1e4243d05e687c7344006bb.yaml +++ b/nuclei-templates/cve-less/plugins/polldaddy-cdbe9e03d1e4243d05e687c7344006bb.yaml @@ -4,7 +4,7 @@ info: name: > Crowdsignal Dashboard – Polls, Surveys & more <= 2.0.31 - Stored Cross-Site scripting author: topscoder - severity: medium + severity: high description: > The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll content in versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: @@ -18,7 +18,7 @@ info: fofa-query: "wp-content/plugins/polldaddy/" google-query: inurl:"/wp-content/plugins/polldaddy/" shodan-query: 'vuln:' - tags: cve,wordpress,wp-plugin,polldaddy,medium + tags: cve,wordpress,wp-plugin,polldaddy,high http: - method: GET 
diff --git a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-c7690ce9aa4061cd6632d30e5f715c1a.yaml b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-c7690ce9aa4061cd6632d30e5f715c1a.yaml index b957e45a7f..1fde90a967 100644 --- a/nuclei-templates/cve-less/plugins/shortcode-for-current-date-c7690ce9aa4061cd6632d30e5f715c1a.yaml +++ b/nuclei-templates/cve-less/plugins/shortcode-for-current-date-c7690ce9aa4061cd6632d30e5f715c1a.yaml @@ -11,8 +11,8 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/1917eabd-0ba2-4878-87ea-8c0c9c00b6f5?source=api-prod classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 cve-id: metadata: fofa-query: "wp-content/plugins/shortcode-for-current-date/" diff --git a/nuclei-templates/cve-less/plugins/twigify-b7de650c05254b194a03adb0bbb4b850.yaml b/nuclei-templates/cve-less/plugins/twigify-b7de650c05254b194a03adb0bbb4b850.yaml index 2e8e75447a..a88a078b2b 100644 --- a/nuclei-templates/cve-less/plugins/twigify-b7de650c05254b194a03adb0bbb4b850.yaml +++ b/nuclei-templates/cve-less/plugins/twigify-b7de650c05254b194a03adb0bbb4b850.yaml 
@@ -2,11 +2,11 @@ id: twigify-b7de650c05254b194a03adb0bbb4b850 info: name: > - Twigify <= 1.1.2 - Running Vulnerable Twig Package + Twigify <= 1.1.2 & AP Twig Bridge <= 1.0 & Content Template Engine <= 0.9.4 - Running Vulnerable Twig Package author: topscoder severity: high description: > - The Twigify plugin for WordPress is running a vulnerable version of Twig (1.16.3) in all versions up to, and including, 1.1.2. This version of Twig contains many security vulnerabilities, though none have been confirmed exploitable in the Twigify plugin. + The Twigify plugin for WordPress is running a vulnerable version of Twig (1.16.3) in all versions up to, and including, 1.1.2, the AP Twig Bridge plugin for WordPress is running a vulnerable version of Twig (1.5.0) in all versions up to, and including, 1.0, and the Content Template Engine plugin for WordPress is running a vulnerable version of Twig (1.22.3) in all versions up to, and including, 0.9.4. This version of Twig contains many security vulnerabilities, though none have been confirmed exploitable in the Twigify or AP Twig Bridge plugins. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b78826-b256-4612-a830-d44a9bc97541?source=api-prod diff --git a/nuclei-templates/cve-less/plugins/wc-category-showcase-6f52a67e6b38af4082667bfafcf833b8.yaml b/nuclei-templates/cve-less/plugins/wc-category-showcase-6f52a67e6b38af4082667bfafcf833b8.yaml new file mode 100644 index 0000000000..aec6e7060d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-category-showcase-6f52a67e6b38af4082667bfafcf833b8.yaml 
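Review bot: The rewritten `name` and `description` now cover AP Twig Bridge <= 1.0 and Content Template Engine <= 0.9.4 as well as Twigify, yet the template id is still `twigify-b7de650c05254b194a03adb0bbb4b850`, so a hit is reported under a three-plugin title. The request path and version matcher are outside this hunk, but if they still fingerprint only the twigify slug, a comment under `info:` would stop triage chasing plugins that were never checked: `# detection covers the twigify slug only; the other two plugins are named because they share the advisory`. The new closing sentence says nothing is confirmed exploitable "in the Twigify or AP Twig Bridge plugins", which leaves Content Template Engine unaddressed while `severity: high` stays as it was. It would help to state whether that omission is intentional.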
@@ -0,0 +1,59 @@
+id: wc-category-showcase-6f52a67e6b38af4082667bfafcf833b8
+
+info:
+ name: >
+ Appsero <= 1.2.1 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wc-category-showcase/"
+ google-query: inurl:"/wp-content/plugins/wc-category-showcase/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wc-category-showcase,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wc-category-showcase/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wc-category-showcase"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.9')
\ No newline at end of file
diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-1a5b78940fe83571dcc62181e2419a57.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-1a5b78940fe83571dcc62181e2419a57.yaml
new file mode 100644
index 0000000000..55c4f1f84d
--- /dev/null
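Review bot: The `name` is the library advisory title, `Appsero <= 1.2.1 - Missing Authorization`, while the `dsl` matcher compares the plugin's own readme version (`<= 1.1.9`), so the scan output never says which plugin was flagged or how the two version numbers relate. The same title is reused verbatim by the wedevs-project-manager (`<= 2.6.12`) and woo-category-slider-by-pluginever (`<= 4.1.5`) templates added further down, leaving the three findings distinguishable only by id. I would add a comment above the `dsl` matcher in each, `# plugin version threshold from readme.txt "Stable tag"; the bundled Appsero client (<= 1.2.1) is not checked directly`. A hit is then read as a version-range inference, not as confirmation that the unprotected function is present. These templates also carry `cve` in `tags` with an empty `cve-id:`, which pulls CVE-less checks into tag-filtered CVE runs.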
+++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-1a5b78940fe83571dcc62181e2419a57.yaml
@@ -0,0 +1,59 @@
+id: wedevs-project-manager-1a5b78940fe83571dcc62181e2419a57
+
+info:
+ name: >
+ Appsero <= 1.2.1 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wedevs-project-manager/"
+ google-query: inurl:"/wp-content/plugins/wedevs-project-manager/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wedevs-project-manager,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wedevs-project-manager"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.12')
\ No newline at end of file
diff --git a/nuclei-templates/cve-less/plugins/weforms-c268716bf30ae41ae60702e885e99f4e.yaml b/nuclei-templates/cve-less/plugins/weforms-c268716bf30ae41ae60702e885e99f4e.yaml
new file mode 100644
index 0000000000..6a062bc0cc
--- /dev/null
+++ b/nuclei-templates/cve-less/plugins/weforms-c268716bf30ae41ae60702e885e99f4e.yaml
@@ -0,0 +1,59 @@
+id: weforms-c268716bf30ae41ae60702e885e99f4e
+
+info:
+ name: >
+ Various Plugins <= Various Version - Use of Polyfill.io
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins for WordPress are vulnerable to malicious redirection in various versions. This is due to the use of Polyfill.io. Polyfill.io is a JavaScript library used to streamline delivery of content across older browsers and was taken over by malicious threat actors that used the service to redirect victims to malicious websites. While many WordPress plugins utilize Polyfill.io, not all of them may have been delivering malicious content. Regardless, it is recommended to update to a version of the plugin where Polyfill is no longer used or manually remove the use of Polyfill.io from the plugin.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/379a5016-3968-4b28-8d6e-0f517e419016?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/weforms/"
+ google-query: inurl:"/wp-content/plugins/weforms/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,weforms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "weforms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.23')
\ No newline at end of file
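Review bot: Nothing in this template looks for a polyfill.io reference: the only evidence is `compare_versions(version, '<= 1.6.23')` against the `Stable tag` line of `readme.txt`. A match therefore means the weforms readme declares a version in the affected range, not that the site serves the third-party script. The `name`, `Various Plugins <= Various Version - Use of Polyfill.io`, is the generic advisory heading and should say what is actually checked, for example `weforms <= 1.6.23 - Use of Polyfill.io`. The wp-user-frontend template added later in this diff (`<= 4.0.7`) has the same two gaps. A comment above the `dsl` matcher, `# version-range inference only; confirm the script source in rendered pages before reporting`, would tell triagers what a hit does and does not prove.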
diff --git a/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-6797015b1aa294b7a0bc9d0991ad019f.yaml b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-6797015b1aa294b7a0bc9d0991ad019f.yaml
new file mode 100644
index 0000000000..338c81a784
--- /dev/null
+++ b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-6797015b1aa294b7a0bc9d0991ad019f.yaml
@@ -0,0 +1,59 @@
+id: woo-category-slider-by-pluginever-6797015b1aa294b7a0bc9d0991ad019f
+
+info:
+ name: >
+ Appsero <= 1.2.1 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Appsero analytics tool used in several plugins is vulnerable to authorization bypass due to a missing capability check on the uninstall_reason_submission function used for feedback submission in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function intended for administrator use.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/84003388-c47c-41db-8d2d-4643aa375a89?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/woo-category-slider-by-pluginever/"
+ google-query: inurl:"/wp-content/plugins/woo-category-slider-by-pluginever/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,woo-category-slider-by-pluginever,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-category-slider-by-pluginever/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-category-slider-by-pluginever"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.5')
\ No newline at end of file
diff --git a/nuclei-templates/cve-less/plugins/wp-piwik-e3b8edf2138603e2388fa37f0ac3cd00.yaml b/nuclei-templates/cve-less/plugins/wp-piwik-e3b8edf2138603e2388fa37f0ac3cd00.yaml
index 025d046adb..6a9f41a75c 100644
--- a/nuclei-templates/cve-less/plugins/wp-piwik-e3b8edf2138603e2388fa37f0ac3cd00.yaml +++ b/nuclei-templates/cve-less/plugins/wp-piwik-e3b8edf2138603e2388fa37f0ac3cd00.yaml @@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp-piwik’ parameter in versions before 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for [authentication-level] attackers [inject user-level requirements if available and authentication is required] to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp-piwik’ parameter in versions before 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/39564fad-a8cb-4a95-a893-d61e8ff91a53?source=api-prod diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-792c3843b6d790e6b1499b537a903680.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-792c3843b6d790e6b1499b537a903680.yaml index 4de9ee5149..1f9245a23a 100644 --- a/nuclei-templates/cve-less/plugins/wp-statistics-792c3843b6d790e6b1499b537a903680.yaml +++ b/nuclei-templates/cve-less/plugins/wp-statistics-792c3843b6d790e6b1499b537a903680.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: high description: > - The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP spoofing in versions up to, and including, [up to affected version] due to insufficient input sanitization and output escaping. This makes it possible for [authentication-level] attackers [inject user-level requirements if available and authentication is required] to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP spoofing in versions up to, and including, 12.6.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/69f861bf-933f-4413-a5c0-fd39ee78e594?source=api-prod @@ -56,4 +56,4 @@ http: - type: dsl dsl: - - compare_versions(version, '< 12.6.7') \ No newline at end of file + - compare_versions(version, '<= 12.6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-fa763ed6d9abf8f8a34db4dd372135e7.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-fa763ed6d9abf8f8a34db4dd372135e7.yaml new file mode 100644 index 0000000000..96617546af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-fa763ed6d9abf8f8a34db4dd372135e7.yaml 
@@ -0,0 +1,59 @@
+id: wp-user-frontend-fa763ed6d9abf8f8a34db4dd372135e7
+
+info:
+ name: >
+ Various Plugins <= Various Version - Use of Polyfill.io
+ author: topscoder
+ severity: medium
+ description: >
+ Multiple plugins for WordPress are vulnerable to malicious redirection in various versions. This is due to the use of Polyfill.io. Polyfill.io is a JavaScript library used to streamline delivery of content across older browsers and was taken over by malicious threat actors that used the service to redirect victims to malicious websites. While many WordPress plugins utilize Polyfill.io, not all of them may have been delivering malicious content. Regardless, it is recommended to update to a version of the plugin where Polyfill is no longer used or manually remove the use of Polyfill.io from the plugin.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/379a5016-3968-4b28-8d6e-0f517e419016?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-user-frontend/"
+ google-query: inurl:"/wp-content/plugins/wp-user-frontend/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-user-frontend,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-user-frontend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.7')
\ No newline at end of file
diff --git a/nuclei-templates/cve-less/themes/dt-chocolate-93506100b9b0457507426a27657c294a.yaml b/nuclei-templates/cve-less/themes/dt-chocolate-93506100b9b0457507426a27657c294a.yaml index d64e456d1e..4c6503b348 100644 --- a/nuclei-templates/cve-less/themes/dt-chocolate-93506100b9b0457507426a27657c294a.yaml +++ b/nuclei-templates/cve-less/themes/dt-chocolate-93506100b9b0457507426a27657c294a.yaml @@ -11,7 +11,7 @@ info: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f937290-fa45-4ce0-84f0-a42c83cd3bdf?source=api-prod classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N cvss-score: 4.7 cve-id: metadata: diff --git a/nuclei-templates/cve-less/themes/echelon-ba97f99552f77b14b3808016bdf6db4a.yaml b/nuclei-templates/cve-less/themes/echelon-ba97f99552f77b14b3808016bdf6db4a.yaml index 4d82ff2944..cf1712e0f0 100644 --- a/nuclei-templates/cve-less/themes/echelon-ba97f99552f77b14b3808016bdf6db4a.yaml +++ b/nuclei-templates/cve-less/themes/echelon-ba97f99552f77b14b3808016bdf6db4a.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Echelon theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/lib/admin/functions/media-upload.php file in versions up to, and including, [up to affected version]. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. + The Echelon theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/lib/admin/functions/media-upload.php file in all versions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ca7b2ab-bc01-4fd7-9cee-7cdc5a62177d?source=api-prod diff --git a/nuclei-templates/cve-less/themes/nightlife-66af289a45aee280f933e50a5adb668f.yaml b/nuclei-templates/cve-less/themes/nightlife-66af289a45aee280f933e50a5adb668f.yaml index cc307bcd59..6e98cea1dd 100644 --- a/nuclei-templates/cve-less/themes/nightlife-66af289a45aee280f933e50a5adb668f.yaml +++ b/nuclei-templates/cve-less/themes/nightlife-66af289a45aee280f933e50a5adb668f.yaml 
@@ -6,7 +6,7 @@ info: author: topscoder severity: critical description: > - The Nightlife Theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload-file.php file in all known versions. This makes it possible for [authentication-level] attackers unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. + The Nightlife Theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload-file.php file in all known versions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. reference: - https://github.com/topscoder/nuclei-wordfence-cve - https://www.wordfence.com/threat-intel/vulnerabilities/id/2513a199-30a8-45a9-80b3-1f6e51534c88?source=api-prod