From 0154892ec8761dc40a9185eeda7dda5e389292a1 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 1 May 2022 02:10:38 +0530
Subject: [PATCH 1/2] Create CVE-2021-25118.yaml
---
 cves/2021/CVE-2021-25118.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 cves/2021/CVE-2021-25118.yaml
diff --git a/cves/2021/CVE-2021-25118.yaml b/cves/2021/CVE-2021-25118.yaml
new file mode 100644
index 0000000000..f598ad2e9e
--- /dev/null
+++ b/cves/2021/CVE-2021-25118.yaml
@@ -0,0 +1,32 @@
+id: CVE-2021-25118
+
+info:
+ name: Yoast SEO < 17.3 - Unauthenticated Full Path Disclosure
+ author: DhiyaneshDK
+ severity: low
+ description: The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.
+ remediation: Fixed in version 17.3
+ reference:
+ - https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550
+ tags: wordpress,cve2021,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-json/wp/v2/posts?per_page=1"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "application/json"
+ part: header
+
+ - type: word
+ words:
+ - '\/var\/www\/html\'
+ condition: and
+ part: body
From b6c8d874d10a1d9d473948028488b2d7fbe8ee18 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 1 May 2022 02:20:08 +0530
Subject: [PATCH 2/2] Update CVE-2021-25118.yaml
---
 cves/2021/CVE-2021-25118.yaml | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/cves/2021/CVE-2021-25118.yaml b/cves/2021/CVE-2021-25118.yaml
index f598ad2e9e..660bf81230 100644
--- a/cves/2021/CVE-2021-25118.yaml
+++ b/cves/2021/CVE-2021-25118.yaml
@@ -8,25 +8,32 @@ info: remediation: Fixed in version 17.3 reference: - https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 - tags: wordpress,cve2021,wp-plugin + - https://nvd.nist.gov/vuln/detail/CVE-2021-25118 + tags: wordpress,cve2021,wp-plugin,fpd,cve,wp requests: - method: GET path: - "{{BaseURL}}/wp-json/wp/v2/posts?per_page=1" + matchers-condition: and matchers: + - type: regex + regex: + - '"path":"(.*)/wp-content\\(.*)","size' + + - type: word + part: header + words: + - "application/json" + - type: status status: - 200 - - type: word - words: - - "application/json" - part: header - - - type: word - words: - - '\/var\/www\/html\' - condition: and + extractors: + - type: regex part: body + group: 1 + regex: + - '"path":"(.*)/wp-content\\(.*)","size'
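Review bot: The regex added to both the `matchers` and the `extractors` entry uses greedy `(.*)` groups, so on a single-line JSON body a match can begin at one `"path":"` key and end at a `/wp-content\` and `","size` that belong to a different field. That could make the template report a site whose `path` value is not an absolute filesystem path, and the extracted group 1 could carry unrelated JSON instead of the disclosed directory. Confining both groups to one string value avoids this: `- '"path":"([^"]*)/wp-content\\[^"]*","size'`, applied in both places. The regex matcher also omits `part: body` while the extractor states it (presumably the default applies); writing it in both would make the intent explicit. The `requests` block begins in context lines, so only its changed portion is reviewed here.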