Adding Wordpress Plugin Scanner

.nuclei-ignore

@@ -8,4 +8,5 @@ cves/CVE-2020-13379.yaml
 cves/CVE-2013-2251.yaml
 vulnerabilities/x-forwarded-host-injection.yaml
 fuzzing/
+wordlists/
 workflows/

fuzzing/wp-plugin-scan.yaml

@@ -0,0 +1,35 @@
+id: wp-plugin-scan
+info:
+  name: Wordpress Plugin Scanner
+  author: pdteam
+  severity: info
+  description: wordlist based wordpress plugin scanner.
+
+requests:
+
+  - payloads:
+      plugin_wordlist: wordlists/wp-plugins.txt
+
+      # Thanks to RandomRobbieBF for the wordlist
+      # https://github.com/RandomRobbieBF/wordpress-plugin-list
+
+    attack: sniper
+    threads: 50
+
+    raw:
+      - |
+        GET /plugin_wordlist HTTP/1.1
+        Host: {{Hostname}}
+        Accept: application/json, text/plain, */*
+        Accept-Language: en-US,en;q=0.5
+        Referer: {{BaseURL}}
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "== Description =="