diff --git a/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml b/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml index e560c00477..84f714c999 100644 --- a/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml +++ b/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml @@ -6,10 +6,12 @@ info: description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: https://www.exploit-db.com/ghdb/6455 tags: wordpress,listing,wp-plugin + requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/easy-media-gallery-pro/" + matchers-condition: and matchers: - type: word diff --git a/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml index 406c655c58..2404e9dcb9 100644 --- a/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-bbpress-plugin-listing.yaml @@ -3,7 +3,7 @@ id: wordpress-bbpress-plugin-listing info: name: WordPress bbPress Plugin Directory Listing author: dhiyaneshDK - severity: low + severity: info description: Searches for sensitive directories present in the bbpress wordpress plugin. reference: https://www.exploit-db.com/ghdb/6158 tags: wordpress,listing @@ -12,6 +12,7 @@ requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/bbpress/" + matchers-condition: and matchers: - type: word diff --git a/vulnerabilities/wordpress/wordpress-debug-log.yaml b/vulnerabilities/wordpress/wordpress-debug-log.yaml index 0456773ec6..ab180f5193 100644 --- a/vulnerabilities/wordpress/wordpress-debug-log.yaml +++ b/vulnerabilities/wordpress/wordpress-debug-log.yaml @@ -10,6 +10,7 @@ requests: - method: GET path: - "{{BaseURL}}/wp-content/debug.log" + matchers-condition: and matchers: - type: word @@ -18,10 +19,12 @@ requests: - text/plain part: header condition: or + - type: regex regex: - "[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP" part: body + - type: status status: - 200 \ No newline at end of file diff --git a/vulnerabilities/wordpress/wordpress-directory-listing.yaml b/vulnerabilities/wordpress/wordpress-directory-listing.yaml index f371686824..fd0ec7d30e 100644 --- a/vulnerabilities/wordpress/wordpress-directory-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-directory-listing.yaml @@ -13,11 +13,13 @@ requests: - "{{BaseURL}}/wp-content/themes/" - "{{BaseURL}}/wp-content/plugins/" - "{{BaseURL}}/wp-includes/" + matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - - Index of / + - "Index of /" diff --git a/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml index 7c890cb857..ed40dd3432 100644 --- a/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-elementor-plugin-listing.yaml @@ -3,7 +3,7 @@ id: wordpress-elementor-plugin-listing info: name: WordPress Elementor Plugin Directory Listing author: dhiyaneshDK - severity: low + severity: info description: Searches for sensitive directories present in the elementor wordpress plugin. reference: https://www.exploit-db.com/ghdb/6297 tags: wordpress,listing @@ -12,6 +12,7 @@ requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/elementor/" + matchers-condition: and matchers: - type: word diff --git a/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml index e658663a4f..b8dae0946e 100644 --- a/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-gtranslate-plugin-listing.yaml @@ -3,7 +3,7 @@ id: wordpress-gtranslate-plugin-listing info: name: WordPress gtranslate Plugin Directory Listing author: dhiyaneshDK - severity: low + severity: info description: Searches for sensitive directories present in the gtranslate wordpress plugin. reference: https://www.exploit-db.com/ghdb/6160 tags: wordpress,listing @@ -12,6 +12,7 @@ requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/gtranslate/" + matchers-condition: and matchers: - type: word diff --git a/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml b/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml index 7a0130bd56..dfad16747a 100644 --- a/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-redirection-plugin-listing.yaml @@ -3,7 +3,7 @@ id: wordpress-redirection-plugin-listing info: name: WordPress Redirection Plugin Directory Listing author: dhiyaneshDk - severity: low + severity: info description: Searches for sensitive directories present in the wordpress-redirection plugin. reference: https://www.exploit-db.com/ghdb/6436 tags: wordpress,listing diff --git a/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml b/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml index 317fb456e0..a1f28d4054 100644 --- a/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml +++ b/vulnerabilities/wordpress/wordpress-woocommerce-listing.yaml @@ -3,7 +3,7 @@ id: wordpress-woocommerce-listing info: name: WordPress Woocommerce Plugin Directory Listing author: dhiyaneshDK - severity: low + severity: info description: Searches for sensitive directories present in the woocommerce wordpress plugin. reference: https://www.exploit-db.com/ghdb/6192 tags: wordpress,listing diff --git a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml index 7e24d990b5..5ab5a09e4a 100644 --- a/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml +++ b/vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml @@ -6,15 +6,15 @@ info: severity: high description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials tags: wordpress,plugin - - # References: - # - [1] https://www.exploit-db.com/exploits/48910 - # - [2] https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ + references: | + - https://www.exploit-db.com/exploits/48910 + - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ requests: - method: GET path: - "{{BaseURL}}/wp-json/wp/v2/lesson/1" + matchers-condition: and matchers: - type: regex @@ -23,10 +23,12 @@ requests: - "\"(guid|title|content|excerpt)\":{\"rendered\":" condition: or part: body + - type: word words: - "application/json" part: header + - type: status status: - 200 diff --git a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml index 877c27c3f1..100c8568d1 100644 --- a/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml +++ b/vulnerabilities/wordpress/wp-123contactform-plugin-listing.yaml @@ -3,7 +3,7 @@ id: wp-123contactform-plugin-listing info: name: WordPress 123ContactForm Plugin Directory Listing author: pussycat0x - severity: low + severity: info description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: | - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html diff --git a/vulnerabilities/wordpress/wp-arforms-listing.yaml b/vulnerabilities/wordpress/wp-arforms-listing.yaml new file mode 100644 index 0000000000..3b214effc5 --- /dev/null +++ b/vulnerabilities/wordpress/wp-arforms-listing.yaml @@ -0,0 +1,28 @@ +id: wp-arforms-listing +info: + name: WordPress Plugin Arforms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6424 + tags: wordpress,listing + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/arforms/" + + matchers-condition: and + + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/arforms/" + condition: and + + - type: status + + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml b/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml new file mode 100644 index 0000000000..e94a46837e --- /dev/null +++ b/vulnerabilities/wordpress/wp-email-subscribers-listing.yaml @@ -0,0 +1,26 @@ +id: wp-email-subscribers-listing +info: + name: WordPress Plugin Email Subscribers Listing + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6428 + tags: wordpress,listing + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/email-subscribers" + condition: and + + - type: status + + status: + - 200 diff --git a/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml b/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml new file mode 100644 index 0000000000..59ed30206c --- /dev/null +++ b/vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml @@ -0,0 +1,27 @@ +id: wp-idx-broker-platinum-listing +info: + name: WordPress Plugin Idx Broker Platinum Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6416 + tags: wordpress,listing + +requests: + + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/" + + matchers-condition: and + + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/idx-broker-platinum/" + condition: and + + - type: status + status: + - 200 diff --git a/vulnerabilities/wordpress/wp-iwp-client-listing.yaml b/vulnerabilities/wordpress/wp-iwp-client-listing.yaml new file mode 100644 index 0000000000..b97d6e03a1 --- /dev/null +++ b/vulnerabilities/wordpress/wp-iwp-client-listing.yaml @@ -0,0 +1,25 @@ +id: wp-iwp-client-listing +info: + name: WordPress Plugin Iwp-client Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6427 + tags: wordpress,listing + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/iwp-client/" + condition: and + + - type: status + status: + - 200 diff --git a/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml b/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml index c5a0d901db..91f280207d 100644 --- a/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml +++ b/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml @@ -3,7 +3,7 @@ id: wp-plugin-1-flashgallery-listing info: name: WordPress 1 flash gallery listing author: pussycat0x - severity: low + severity: info description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: https://www.exploit-db.com/ghdb/6978 tags: wordpress,listing diff --git a/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml b/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml index d5ea2cb71b..1813fab599 100644 --- a/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml +++ b/vulnerabilities/wordpress/wp-plugin-lifterlms.yaml @@ -3,7 +3,7 @@ id: wordpress-plugins-lifterlms info: name: WordPress Plugin lifterlms Listing author: pussycat0x - severity: low + severity: info description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: https://www.exploit-db.com/ghdb/6420 tags: wordpress,listing diff --git a/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml b/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml index f316fe8177..5266895949 100644 --- a/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml +++ b/vulnerabilities/wordpress/wp-plugin-utlimate-member.yaml @@ -3,7 +3,7 @@ id: wordpress-plugins-ultimate-member info: name: WordPress Plugin Ultimate Member author: pussycat0x - severity: low + severity: info description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: https://www.exploit-db.com/ghdb/6998 tags: wordpress,listing diff --git a/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml b/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml new file mode 100644 index 0000000000..2ec937706a --- /dev/null +++ b/vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml @@ -0,0 +1,26 @@ +id: wp-sfwd-lms-listing + +info: + name: WordPress Plugin Sfwd-lms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6426 + tags: wordpress,listing + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/sfwd-lms" + condition: and + + - type: status + status: + - 200