From 2e8c15d5fc76e2bffc9416c23a069d8baeeac875 Mon Sep 17 00:00:00 2001
From: Alan Brian <36174194+alanbriangh@users.noreply.github.com>
Date: Sun, 21 Mar 2021 14:51:13 -0300
Subject: [PATCH] FIX: Add 2020-35489 detection Add 2020-35489 detection
---
cves/2020/CVE-2020-35489.yaml | 116 ++++++++++++++++++++++++++++++++++
1 file changed, 116 insertions(+)
create mode 100644 cves/2020/CVE-2020-35489.yaml
diff --git a/cves/2020/CVE-2020-35489.yaml b/cves/2020/CVE-2020-35489.yaml
new file mode 100644
index 0000000000..a85f0dfa06
--- /dev/null
+++ b/cves/2020/CVE-2020-35489.yaml
@@ -0,0 +1,116 @@
+id: 2020-35489
+info:
+ name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
+ author: soyelmago
+ severity: critical
+ reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35489
+ tags: cve,cve2020,wordpress,plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "Contact Form 7"
+ condition: and
+ part: body
+ - type: word
+ words:
+ - "2.0.7"
+ - "2.1"
+ - "2.1.2"
+ - "2.2"
+ - "2.2.1"
+ - "2.3"
+ - "2.3.1"
+ - "2.4"
+ - "2.4.1"
+ - "2.4.2"
+ - "2.4.3"
+ - "2.4.4"
+ - "2.4.5"
+ - "2.4.6"
+ - "3.0"
+ - "3.0.1"
+ - "3.0.2"
+ - "3.1"
+ - "3.1.1"
+ - "3.1.2"
+ - "3.2"
+ - "3.3"
+ - "3.3.1"
+ - "3.3.2"
+ - "3.3.3"
+ - "3.4"
+ - "3.4.1"
+ - "3.4.2"
+ - "3.5"
+ - "3.5.1"
+ - "3.5.2"
+ - "3.5.3"
+ - "3.5.4"
+ - "3.6"
+ - "3.7"
+ - "3.7.1"
+ - "3.7.2"
+ - "3.8"
+ - "3.8.1"
+ - "3.9"
+ - "3.9.1"
+ - "3.9.2"
+ - "3.9.3"
+ - "4.0"
+ - "4.0.1"
+ - "4.0.2"
+ - "4.0.3"
+ - "4.1"
+ - "4.1.1"
+ - "4.1.2"
+ - "4.2"
+ - "4.2.1"
+ - "4.2.2"
+ - "4.3"
+ - "4.3.1"
+ - "4.4"
+ - "4.4.1"
+ - "4.4.2"
+ - "4.5"
+ - "4.5.1"
+ - "4.6"
+ - "4.6.1"
+ - "4.7"
+ - "4.8"
+ - "4.8.1"
+ - "4.9"
+ - "4.9.1"
+ - "4.9.2"
+ - "5.0"
+ - "5.0.1"
+ - "5.0.2"
+ - "5.0.3"
+ - "5.0.4"
+ - "5.0.5"
+ - "5.1"
+ - "5.1.1"
+ - "5.1.2"
+ - "5.1.4"
+ - "5.1.5"
+ - "5.1.6"
+ - "5.1.7"
+ - "5.1.8"
+ - "5.1.9"
+ - "5.2"
+ - "5.2.1"
+ - "5.2.2"
+ - "5.3"
+ - "5.3.1"
+ condition: or
+ part: body
+
+
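Review bot: The second `word` matcher searches the whole readme.txt body for any listed version string under `condition: or`, so it will report installs that are not in the affected list: short entries such as `"5.3"` or `"2.1"` are substrings of other version numbers (a later `5.3.x` release still contains `5.3`), and a plugin readme normally carries changelog entries for older releases. Anchor the comparison on the readme's version header instead, for example a `type: regex` matcher with patterns of the form `(?m)^Stable tag:\s*5\.3\.1\s*$` (constructed sample, one alternative per affected release). Because the finding rests on a version banner alone while the template declares `severity: critical`, a hit should be treated as "possibly affected" until the installed plugin version is confirmed on the host. Separately, `id: 2020-35489` drops the `CVE-` prefix that the file name `CVE-2020-35489.yaml` carries; `id: CVE-2020-35489` keeps the two consistent and easier to search in scan output.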