daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More references

patch-1
Noam Rathaus 2021-08-01 09:16:33 +03:00
parent 3de7af6018
commit 03dfb4bff6
4 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2016/CVE-2016-1000128.yaml
View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
reference:
reference: |
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin

2
cves/2019/CVE-2019-16332.yaml
View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
reference:
reference: |
- https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers
tags: cve,cve2019,wordpress,xss,wp-plugin

4
cves/2021/CVE-2021-21389.yaml
View File

@ -7,7 +7,9 @@ info:
description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE
reference: |
- https://github.com/HoangKien1020/CVE-2021-21389
- https://nvd.nist.gov/vuln/detail/CVE-2021-21389
- https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
- https://codex.buddypress.org/releases/version-7-2-1/
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3
tags: cve,cve2021,wordpress,wp-plugin,rce

2
cves/2021/CVE-2021-24320.yaml
View File

@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
reference:
reference: |
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
tags: cve,cve2021,wordpress,xss,wp-plugin