Auto Generated CVE annotations [Sun Mar 5 14:19:20 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-05 14:19:20 +00:00
parent 95bb5205c8
commit 4792f4f440
27 changed files with 83 additions and 40 deletions

@ -9,9 +9,11 @@ info:
reference:
- https://packetstormsecurity.com/files/131155/
- https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755
- http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
metadata:
verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map
tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve
requests:
- raw:
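
Review bot: The NVD entry under "reference:" has its URL prefix doubled ("https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755") and this annotation pass leaves it that way; it should read "https://nvd.nist.gov/vuln/detail/CVE-2015-2755". The list also now carries Packet Storm file 131155 twice, once as the short https link and once as the full http link, so one of the two can be dropped.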

@ -10,6 +10,7 @@ info:
- https://packetstormsecurity.com/files/132038/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4062
- https://wordpress.org/plugins/newstatpress
- http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html
remediation: |
Update to plugin version 0.9.9 or latest
classification:
@ -19,7 +20,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2015,sqli,wordpress,wp-plugin,wp,authenticated,newstatpress
tags: authenticated,cve,sqli,wp-plugin,newstatpress,packetstorm,cve2015,wordpress,wp
requests:
- raw:
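
Review bot: The "tags:" line is completely reshuffled although "packetstorm" is the only new entry, which hides the one real change in the diff. Appending the new tag, as the simple-link-directory template in this commit does with "wpscan", or always writing tags in one fixed order, would keep the generator's output stable and reviewable.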

@ -6,14 +6,15 @@ info:
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
remediation: Update to plugin version 0.9.9 or latest.
reference:
- https://packetstormsecurity.com/files/132038/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4063
- https://wordpress.org/plugins/newstatpress/
- http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html
remediation: Update to plugin version 0.9.9 or latest.
metadata:
verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm
requests:
- raw:

@ -6,14 +6,20 @@ info:
severity: medium
description: |
The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.
remediation: Fixed in version 1.0.6
reference:
- https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054
- https://nvd.nist.gov/vuln/detail/CVE-2015-9312
- https://g0blin.co.uk/g0blin-00057/
- https://wordpress.org/plugins/newstatpress/#developers
remediation: Fixed in version 1.0.6
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2015-9312
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,authenticated
tags: cve2015,xss,authenticated,wp,newstatpress,wpscan,cve,wordpress,wp-plugin
requests:
- raw:

@ -11,9 +11,14 @@ info:
- http://www.securityfocus.com/bid/101050
- https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2017-14622
cwe-id: CWE-79
metadata:
verified: "true"
tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated
tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated,packetstorm
requests:
- raw:
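
Review bot: The new classification block sets "cve-id: CVE-2017-14622", but the updated "tags:" line still has no "cve" or "cve2017" entry, so a tag-based selection of CVE templates skips this one. Add "cve,cve2017" alongside "packetstorm", matching the other CVE templates in this commit.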

@ -6,11 +6,12 @@ info:
severity: critical
description: |
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
remediation: Fixed in version 4.1.8
reference:
- https://wpscan.com/vulnerability/9117
- https://wordpress.org/plugins/gift-voucher/
- https://nvd.nist.gov/vuln/detail/CVE-2018-16159
- https://www.exploit-db.com/exploits/45255/
remediation: Fixed in version 4.1.8
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -18,7 +19,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2018,sqli,wordpress,wp-plugin,wp,gift-voucher,unauth
tags: sqli,wordpress,wpscan,cve,wp-plugin,wp,gift-voucher,unauth,cve2018
requests:
- raw:

@ -6,12 +6,12 @@ info:
severity: high
description: |
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
remediation: Fixed in version 5.16.5
reference:
- https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610
- https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.15.5.zip
- https://github.com/dnr6419/CVE-2021-24145
- https://nvd.nist.gov/vuln/detail/CVE-2021-24145
remediation: Fixed in version 5.16.5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
@ -19,7 +19,7 @@ info:
cwe-id: CWE-434
metadata:
verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,modern-events-calendar-lite,auth
tags: auth,wpscan,cve,wordpress,wp-plugin,wp,modern-events-calendar-lite,cve2021,rce
requests:
- raw:

@ -6,11 +6,11 @@ info:
severity: high
description: |
The WordPress Backup and Migrate Plugin Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
remediation: Fixed in version 1.6.0
reference:
- https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
- https://wordpress.org/plugins/backup/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24155
remediation: Fixed in version 1.6.0
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
@ -18,7 +18,7 @@ info:
cwe-id: CWE-434
metadata:
verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,backup,authenticated
tags: wp-plugin,authenticated,wpscan,cve2021,rce,wordpress,cve,wp,backup
requests:
- raw:

@ -6,15 +6,20 @@ info:
severity: medium
description: |
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
remediation: Fixed in version 3.1.8
reference:
- https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3
- https://www.exploit-db.com/exploits/50324
- https://wordpress.org/plugins/woo-order-export-lite/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24169
remediation: Fixed in version 3.1.8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24169
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,woo-order-export-lite,authenticated
tags: wordpress,authenticated,wpscan,cve,cve2021,xss,wp-plugin,wp,woo-order-export-lite,edb
requests:
- raw:

@ -6,15 +6,20 @@ info:
severity: medium
description: |
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
remediation: Fixed in version 1.3.2
reference:
- https://www.exploit-db.com/exploits/50349
- https://nvd.nist.gov/vuln/detail/CVE-2021-24287
- https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf
- https://wordpress.org/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/
remediation: Fixed in version 1.3.2
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24287
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated
tags: wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated,wpscan,cve2021,xss,wp-plugin,cve,wordpress,edb
requests:
- raw:

@ -6,19 +6,19 @@ info:
severity: high
description: |
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
remediation: Fixed in version 4.22
reference:
- https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
- https://wordpress.org/plugins/sp-client-document-manager/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24347
remediation: Fixed in version 4.22
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.3
cvss-score: 8.8
cve-id: CVE-2021-24347
cwe-id: CWE-434
cwe-id: CWE-178
metadata:
verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,sp-client-document-manager,authenticated
tags: wp-plugin,wp,sp-client-document-manager,authenticated,wordpress,cve2021,rce,wpscan,cve
requests:
- raw:
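
Review bot: In the classification block the hunk carries both "cwe-id: CWE-434" and "cwe-id: CWE-178" for what the description presents as an upload-filter bypass by changing the extension's case. CWE-178 names the root cause, but the two other file-upload templates in this commit (CVE-2021-24145 and CVE-2021-24155) are classified CWE-434, so anyone filtering on that CWE loses this template if 434 is the value being dropped; confirm that is intended. Of the two "cvss-score" values, 8.8 is the one that matches the AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H vector.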

@ -10,6 +10,7 @@ info:
- https://wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad
- https://wordpress.org/plugins/wp-paytm-pay/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24554
- https://codevigilant.com/disclosure/2021/wp-plugin-wp-paytm-pay/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
@ -17,7 +18,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay
tags: cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,cve
requests:
- raw:

@ -17,7 +17,7 @@ info:
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2022,xss,wp,wordpress,wp-plugin,ecommerce-product-catalog,authenticated
tags: wp,authenticated,wpscan,ecommerce-product-catalog,cve,cve2022,xss,wordpress,wp-plugin
requests:
- raw:

@ -6,11 +6,11 @@ info:
severity: critical
description: |
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
remediation: Fixed in version 2.8.2
reference:
- https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231
- https://wordpress.org/plugins/secure-copy-content-protection/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24931
remediation: Fixed in version 2.8.2
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -18,7 +18,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,secure-copy-content-protection,unauth
tags: wp-plugin,unauth,wpscan,cve2021,sqli,wordpress,cve,wp,secure-copy-content-protection
requests:
- raw:

@ -18,7 +18,7 @@ info:
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,page-builder-add,authenticated
tags: xss,wordpress,authenticated,wpscan,cve,cve2021,wp-plugin,wp,page-builder-add
requests:
- raw:

@ -9,10 +9,17 @@ info:
reference:
- https://www.exploit-db.com/exploits/49943
- https://nvd.nist.gov/vuln/detail/CVE-2021-27520
- https://github.com/fudforum/FUDforum/issues/2
- http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-27520
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: html:"FUDforum"
tags: cve,cve2021,xss,fuddorum
verified: "true"
tags: cve,cve2021,xss,fuddorum,edb
requests:
- method: GET
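
Review bot: The tag "fuddorum" on the updated "tags:" line looks like a misspelling of "fudforum" (the Shodan query and the GitHub reference both spell it FUDforum), and the annotation carries it forward; rename it so a tag search for the product finds the template. The hunk also lists a packetstormsecurity.com reference while the tags gain only "edb", whereas other templates in this commit receive a "packetstorm" tag for the same kind of link.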

@ -17,7 +17,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,master-elements,unauth
tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022
requests:
- raw:

@ -17,7 +17,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan
requests:
- raw:

@ -18,7 +18,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,stopbadbots,unauth
tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress
variables:
IP: '{{rand_ip("1.1.1.0/24")}}'

@ -18,7 +18,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,personal-dictionary,unauth
tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary
requests:
- raw:

@ -17,7 +17,7 @@ info:
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2022,xss,flatpm,wordpress,wp-plugin,authenticated
tags: authenticated,wpscan,cve,cve2022,xss,flatpm,wordpress,wp-plugin
requests:
- raw:

@ -17,7 +17,7 @@ info:
cwe-id: CWE-94
metadata:
verified: "true"
tags: cve,cve2022,rce,wordpress,wp-plugin,wp,wp-upg,unauth
tags: unauth,wpscan,cve2022,rce,wordpress,wp-plugin,wp,cve,wp-upg
requests:
- method: GET

@ -18,7 +18,7 @@ info:
cwe-id: CWE-22
metadata:
verified: "true"
tags: cve,cve2022,lfi,wordpress,wp-plugin,wp,inpost-gallery,unauth
tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan
requests:
- method: GET

@ -9,9 +9,15 @@ info:
reference:
- https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities
- https://nvd.nist.gov/vuln/detail/CVE-2022-46888
- https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-46888
cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.favicon.hash:-582931176
verified: "true"
tags: cve,cve2022,nexus,php,nexusphp,xss
requests:

@ -3,7 +3,7 @@ id: CVE-2023-23492
info:
name: Login with Phone Number - Cross-Site Scripting
author: r3Y3r53
severity: medium
severity: high
description: |
Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
reference:
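
Review bot: "severity: high" sits next to "severity: medium" in a template whose name and description are reflected cross-site scripting, while the other reflected-XSS templates touched by this commit are rated medium with a 6.1 score. Keep "medium" unless the listed references show the finding is something other than reflected XSS.
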
@ -11,10 +11,13 @@ info:
- https://www.tenable.com/security/research/tra-2023-3
- https://nvd.nist.gov/vuln/detail/CVE-2023-23492
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2023-23492
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2023,login-with-phonenumber,wordpress,wp,wp-plugin,xss
tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023
requests:
- method: GET
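
Review bot: The generated classification block contradicts the template: "cwe-id: CWE-89" is SQL injection and the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8) describes an authenticated issue that needs no user interaction, while the name, the description and the "xss" tag all say reflected XSS. Check these values against the NVD and Tenable references in the same block; for reflected XSS the other templates in this commit use "cwe-id: CWE-79" with AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, so the annotator may have attached data from a different finding.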

@ -12,7 +12,7 @@ info:
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-3dprint-lite-cross-site-scripting-1-9-1-5/
metadata:
verified: "true"
tags: xss,wordpress,wp-plugin,wp,3dprint,lite,authenticated
tags: 3dprint,lite,authenticated,wpscan,xss,wordpress,wp-plugin,wp
requests:
- raw:

@ -11,7 +11,7 @@ info:
metadata:
verified: "true"
google-query: "inurl:/wp-content/plugins/wptouch"
tags: wptouch,unauth,redirect,wordpress,wp-plugin,wp
tags: wp-plugin,wp,packetstorm,wptouch,unauth,redirect,wordpress
requests:
- method: GET