Auto Generated CVE annotations [Sun Mar 5 14:19:20 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-05 14:19:20 +00:00
parent 95bb5205c8
commit 4792f4f440
27 changed files with 83 additions and 40 deletions

View File

@ -9,9 +9,11 @@ info:
reference: reference:
- https://packetstormsecurity.com/files/131155/ - https://packetstormsecurity.com/files/131155/
- https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755
- http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,ab-map tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve
requests: requests:
- raw: - raw:
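Review bot: The NVD entry in the reference list is malformed, with the base URL repeated (`https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755`), and this change adds references around it without correcting it. It should read `https://nvd.nist.gov/vuln/detail/CVE-2015-2755`. The added plain-http Packet Storm link for file 131155 also points at the same advisory number as the existing `https://packetstormsecurity.com/files/131155/` entry, so one of the two can be dropped, preferably keeping an https form.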

View File

@ -10,6 +10,7 @@ info:
- https://packetstormsecurity.com/files/132038/ - https://packetstormsecurity.com/files/132038/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - https://nvd.nist.gov/vuln/detail/CVE-2015-4062
- https://wordpress.org/plugins/newstatpress - https://wordpress.org/plugins/newstatpress
- http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html
remediation: | remediation: |
Update to plugin version 0.9.9 or latest Update to plugin version 0.9.9 or latest
classification: classification:
@ -19,7 +20,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2015,sqli,wordpress,wp-plugin,wp,authenticated,newstatpress tags: authenticated,cve,sqli,wp-plugin,newstatpress,packetstorm,cve2015,wordpress,wp
requests: requests:
- raw: - raw:

View File

@ -6,14 +6,15 @@ info:
severity: medium severity: medium
description: | description: |
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
remediation: Update to plugin version 0.9.9 or latest.
reference: reference:
- https://packetstormsecurity.com/files/132038/ - https://packetstormsecurity.com/files/132038/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4063 - https://nvd.nist.gov/vuln/detail/CVE-2015-4063
- https://wordpress.org/plugins/newstatpress/ - https://wordpress.org/plugins/newstatpress/
- http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html
remediation: Update to plugin version 0.9.9 or latest.
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm
requests: requests:
- raw: - raw:

View File

@ -6,14 +6,20 @@ info:
severity: medium severity: medium
description: | description: |
The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack. The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.
remediation: Fixed in version 1.0.6
reference: reference:
- https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054 - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054
- https://nvd.nist.gov/vuln/detail/CVE-2015-9312 - https://nvd.nist.gov/vuln/detail/CVE-2015-9312
- https://g0blin.co.uk/g0blin-00057/ - https://g0blin.co.uk/g0blin-00057/
- https://wordpress.org/plugins/newstatpress/#developers
remediation: Fixed in version 1.0.6
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2015-9312
cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,authenticated tags: cve2015,xss,authenticated,wp,newstatpress,wpscan,cve,wordpress,wp-plugin
requests: requests:
- raw: - raw:

View File

@ -11,9 +11,14 @@ info:
- http://www.securityfocus.com/bid/101050 - http://www.securityfocus.com/bid/101050
- https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers - https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2017-14622
cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated,packetstorm
requests: requests:
- raw: - raw:
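Review bot: The tags line still lacks `cve` and `cve2017` even though the new classification block sets `cve-id: CVE-2017-14622`; the other templates in this commit that carry a cve-id have both tags. Add them alongside `packetstorm`, and confirm that a Packet Storm link is actually present in the reference list, since none appears in the visible lines of this hunk.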

View File

@ -6,11 +6,12 @@ info:
severity: critical severity: critical
description: | description: |
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
remediation: Fixed in version 4.1.8
reference: reference:
- https://wpscan.com/vulnerability/9117 - https://wpscan.com/vulnerability/9117
- https://wordpress.org/plugins/gift-voucher/ - https://wordpress.org/plugins/gift-voucher/
- https://nvd.nist.gov/vuln/detail/CVE-2018-16159 - https://nvd.nist.gov/vuln/detail/CVE-2018-16159
- https://www.exploit-db.com/exploits/45255/
remediation: Fixed in version 4.1.8
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
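Review bot: The remediation line being moved says `Fixed in version 4.1.8`, while the description directly above it says the issue affects the plugin "through 2.0.1". Since this hunk rewrites the remediation field anyway, confirm the fixed version against the WPScan entry in the reference list and align the two statements.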
@ -18,7 +19,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2018,sqli,wordpress,wp-plugin,wp,gift-voucher,unauth tags: sqli,wordpress,wpscan,cve,wp-plugin,wp,gift-voucher,unauth,cve2018
requests: requests:
- raw: - raw:
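Review bot: The tags line gains `wpscan` but not `edb`, although the previous hunk adds an exploit-db.com reference to this template. The other templates in this commit that have an exploit-db.com reference receive the `edb` tag, so add it here to keep tag-based filtering consistent.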

View File

@ -6,12 +6,12 @@ info:
severity: high severity: high
description: | description: |
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
remediation: Fixed in version 5.16.5
reference: reference:
- https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 - https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610
- https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.15.5.zip - https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.15.5.zip
- https://github.com/dnr6419/CVE-2021-24145 - https://github.com/dnr6419/CVE-2021-24145
- https://nvd.nist.gov/vuln/detail/CVE-2021-24145 - https://nvd.nist.gov/vuln/detail/CVE-2021-24145
remediation: Fixed in version 5.16.5
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2 cvss-score: 7.2
@ -19,7 +19,7 @@ info:
cwe-id: CWE-434 cwe-id: CWE-434
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,modern-events-calendar-lite,auth tags: auth,wpscan,cve,wordpress,wp-plugin,wp,modern-events-calendar-lite,cve2021,rce
requests: requests:
- raw: - raw:
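Review bot: The regenerated tags line keeps `auth`, whereas the other templates in this commit that require a login use `authenticated`. A selection on the `authenticated` tag will not pick this template up; rename the tag while the line is being rewritten.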

View File

@ -6,11 +6,11 @@ info:
severity: high severity: high
description: | description: |
The WordPress Backup and Migrate Plugin Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. The WordPress Backup and Migrate Plugin Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
remediation: Fixed in version 1.6.0
reference: reference:
- https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb - https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
- https://wordpress.org/plugins/backup/ - https://wordpress.org/plugins/backup/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24155 - https://nvd.nist.gov/vuln/detail/CVE-2021-24155
remediation: Fixed in version 1.6.0
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2 cvss-score: 7.2
@ -18,7 +18,7 @@ info:
cwe-id: CWE-434 cwe-id: CWE-434
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,backup,authenticated tags: wp-plugin,authenticated,wpscan,cve2021,rce,wordpress,cve,wp,backup
requests: requests:
- raw: - raw:

View File

@ -6,15 +6,20 @@ info:
severity: medium severity: medium
description: | description: |
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
remediation: Fixed in version 3.1.8
reference: reference:
- https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3
- https://www.exploit-db.com/exploits/50324 - https://www.exploit-db.com/exploits/50324
- https://wordpress.org/plugins/woo-order-export-lite/ - https://wordpress.org/plugins/woo-order-export-lite/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24169 - https://nvd.nist.gov/vuln/detail/CVE-2021-24169
remediation: Fixed in version 3.1.8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24169
cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,woo-order-export-lite,authenticated tags: wordpress,authenticated,wpscan,cve,cve2021,xss,wp-plugin,wp,woo-order-export-lite,edb
requests: requests:
- raw: - raw:

View File

@ -6,15 +6,20 @@ info:
severity: medium severity: medium
description: | description: |
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
remediation: Fixed in version 1.3.2
reference: reference:
- https://www.exploit-db.com/exploits/50349 - https://www.exploit-db.com/exploits/50349
- https://nvd.nist.gov/vuln/detail/CVE-2021-24287 - https://nvd.nist.gov/vuln/detail/CVE-2021-24287
- https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf - https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf
- https://wordpress.org/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/ - https://wordpress.org/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/
remediation: Fixed in version 1.3.2
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24287
cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated tags: wp,select-all-categories,taxonomies-change-checkbox-to-radio-buttons,authenticated,wpscan,cve2021,xss,wp-plugin,cve,wordpress,edb
requests: requests:
- raw: - raw:

View File

@ -6,19 +6,19 @@ info:
severity: high severity: high
description: | description: |
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
remediation: Fixed in version 4.22
reference: reference:
- https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a - https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a
- https://wordpress.org/plugins/sp-client-document-manager/ - https://wordpress.org/plugins/sp-client-document-manager/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24347 - https://nvd.nist.gov/vuln/detail/CVE-2021-24347
remediation: Fixed in version 4.22
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.3 cvss-score: 8.8
cve-id: CVE-2021-24347 cve-id: CVE-2021-24347
cwe-id: CWE-434 cwe-id: CWE-178
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,rce,wordpress,wp-plugin,wp,sp-client-document-manager,authenticated tags: wp-plugin,wp,sp-client-document-manager,authenticated,wordpress,cve2021,rce,wpscan,cve
requests: requests:
- raw: - raw:
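Review bot: Replacing `cwe-id: CWE-434` with `CWE-178` drops the unrestricted-upload classification, although the description still describes PHP files being uploaded and the tags keep `rce`. CWE-178 names the bypass (extension case handling) and CWE-434 names the weakness being reached, so list both if the template schema accepts more than one CWE, otherwise keep CWE-434. The score change from 8.3 to 8.8 is consistent with the unchanged vector on the line above it.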

View File

@ -10,6 +10,7 @@ info:
- https://wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad - https://wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad
- https://wordpress.org/plugins/wp-paytm-pay/ - https://wordpress.org/plugins/wp-paytm-pay/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24554 - https://nvd.nist.gov/vuln/detail/CVE-2021-24554
- https://codevigilant.com/disclosure/2021/wp-plugin-wp-paytm-pay/
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2 cvss-score: 7.2
@ -17,7 +18,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay tags: cve2021,sqli,wordpress,wp-plugin,wp,wp-paytm-pay,wpscan,cve
requests: requests:
- raw: - raw:

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-79 cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,xss,wp,wordpress,wp-plugin,ecommerce-product-catalog,authenticated tags: wp,authenticated,wpscan,ecommerce-product-catalog,cve,cve2022,xss,wordpress,wp-plugin
requests: requests:
- raw: - raw:
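Review bot: The tags line is fully reordered when the only substantive change is the added `wpscan` tag, which makes the diff hard to review and will churn again on every regeneration. Have the generator keep the existing order and append new tags, or sort the list deterministically.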

View File

@ -6,11 +6,11 @@ info:
severity: critical severity: critical
description: | description: |
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
remediation: Fixed in version 2.8.2
reference: reference:
- https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231
- https://wordpress.org/plugins/secure-copy-content-protection/ - https://wordpress.org/plugins/secure-copy-content-protection/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24931 - https://nvd.nist.gov/vuln/detail/CVE-2021-24931
remediation: Fixed in version 2.8.2
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -18,7 +18,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,secure-copy-content-protection,unauth tags: wp-plugin,unauth,wpscan,cve2021,sqli,wordpress,cve,wp,secure-copy-content-protection
requests: requests:
- raw: - raw:

View File

@ -18,7 +18,7 @@ info:
cwe-id: CWE-79 cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2021,xss,wordpress,wp-plugin,wp,page-builder-add,authenticated tags: xss,wordpress,authenticated,wpscan,cve,cve2021,wp-plugin,wp,page-builder-add
requests: requests:
- raw: - raw:

View File

@ -9,10 +9,17 @@ info:
reference: reference:
- https://www.exploit-db.com/exploits/49943 - https://www.exploit-db.com/exploits/49943
- https://nvd.nist.gov/vuln/detail/CVE-2021-27520 - https://nvd.nist.gov/vuln/detail/CVE-2021-27520
- https://github.com/fudforum/FUDforum/issues/2
- http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-27520
cwe-id: CWE-79
metadata: metadata:
verified: "true"
shodan-query: html:"FUDforum" shodan-query: html:"FUDforum"
tags: cve,cve2021,xss,fuddorum verified: "true"
tags: cve,cve2021,xss,fuddorum,edb
requests: requests:
- method: GET - method: GET
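Review bot: The tag `fuddorum` on the tags line looks like a misspelling of the product name, which the shodan-query and the added references spell `FUDforum`. Correct it to `fudforum` in the same change that adds `edb`. The new Packet Storm reference is also not matched by a `packetstorm` tag, unlike the other templates in this commit that gained one.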

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,master-elements,unauth tags: unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,cve,cve2022
requests: requests:
- raw: - raw:

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,simple-link-directory,unauth,wpscan
requests: requests:
- raw: - raw:

View File

@ -18,7 +18,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,stopbadbots,unauth tags: cve,stopbadbots,wp-plugin,wp,unauth,wpscan,cve2022,sqli,wordpress
variables: variables:
IP: '{{rand_ip("1.1.1.0/24")}}' IP: '{{rand_ip("1.1.1.0/24")}}'

View File

@ -18,7 +18,7 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,sqli,wordpress,wp-plugin,wp,personal-dictionary,unauth tags: wp,unauth,wpscan,cve,cve2022,sqli,wordpress,wp-plugin,personal-dictionary
requests: requests:
- raw: - raw:

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-79 cwe-id: CWE-79
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,xss,flatpm,wordpress,wp-plugin,authenticated tags: authenticated,wpscan,cve,cve2022,xss,flatpm,wordpress,wp-plugin
requests: requests:
- raw: - raw:

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-94 cwe-id: CWE-94
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,rce,wordpress,wp-plugin,wp,wp-upg,unauth tags: unauth,wpscan,cve2022,rce,wordpress,wp-plugin,wp,cve,wp-upg
requests: requests:
- method: GET - method: GET

View File

@ -18,7 +18,7 @@ info:
cwe-id: CWE-22 cwe-id: CWE-22
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2022,lfi,wordpress,wp-plugin,wp,inpost-gallery,unauth tags: cve,wp-plugin,wp,inpost-gallery,cve2022,lfi,wordpress,unauth,wpscan
requests: requests:
- method: GET - method: GET

View File

@ -9,9 +9,15 @@ info:
reference: reference:
- https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities - https://www.surecloud.com/resources/blog/nexusphp-surecloud-security-review-identifies-authenticated-unauthenticated-vulnerabilities
- https://nvd.nist.gov/vuln/detail/CVE-2022-46888 - https://nvd.nist.gov/vuln/detail/CVE-2022-46888
- https://github.com/xiaomlove/nexusphp/releases/tag/v1.7.33
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-46888
cwe-id: CWE-79
metadata: metadata:
verified: true
shodan-query: http.favicon.hash:-582931176 shodan-query: http.favicon.hash:-582931176
verified: "true"
tags: cve,cve2022,nexus,php,nexusphp,xss tags: cve,cve2022,nexus,php,nexusphp,xss
requests: requests:

View File

@ -3,7 +3,7 @@ id: CVE-2023-23492
info: info:
name: Login with Phone Number - Cross-Site Scripting name: Login with Phone Number - Cross-Site Scripting
author: r3Y3r53 author: r3Y3r53
severity: medium severity: high
description: | description: |
Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function. Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
reference: reference:
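Review bot: The severity change from `medium` to `high` does not match the template, whose name and description on the surrounding lines describe a reflected XSS. The other reflected XSS templates in this commit are scored 6.1 with `severity: medium`; verify where the new value comes from before merging.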
@ -11,10 +11,13 @@ info:
- https://www.tenable.com/security/research/tra-2023-3 - https://www.tenable.com/security/research/tra-2023-3
- https://nvd.nist.gov/vuln/detail/CVE-2023-23492 - https://nvd.nist.gov/vuln/detail/CVE-2023-23492
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2023-23492 cve-id: CVE-2023-23492
cwe-id: CWE-89
metadata: metadata:
verified: "true" verified: "true"
tags: cve,cve2023,login-with-phonenumber,wordpress,wp,wp-plugin,xss tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023
requests: requests:
- method: GET - method: GET
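Review bot: The added `cwe-id: CWE-89` and `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` describe an SQL injection by a low-privileged user, but this template is named and tagged as cross-site scripting. Either the classification was taken from a record that covers a different bug than the one this template tests, or the template metadata is wrong; reconcile the two so that the CWE, vector and `xss` tag agree.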

View File

@ -12,7 +12,7 @@ info:
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-3dprint-lite-cross-site-scripting-1-9-1-5/ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-3dprint-lite-cross-site-scripting-1-9-1-5/
metadata: metadata:
verified: "true" verified: "true"
tags: xss,wordpress,wp-plugin,wp,3dprint,lite,authenticated tags: 3dprint,lite,authenticated,wpscan,xss,wordpress,wp-plugin,wp
requests: requests:
- raw: - raw:

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
verified: "true" verified: "true"
google-query: "inurl:/wp-content/plugins/wptouch" google-query: "inurl:/wp-content/plugins/wptouch"
tags: wptouch,unauth,redirect,wordpress,wp-plugin,wp tags: wp-plugin,wp,packetstorm,wptouch,unauth,redirect,wordpress
requests: requests:
- method: GET - method: GET