From 8bd2a9455a6e001bbf70f84f9e27b772a8d6faa6 Mon Sep 17 00:00:00 2001 From: bauthard <8293321+bauthard@users.noreply.github.com> Date: Sat, 21 Nov 2020 23:27:19 +0530 Subject: [PATCH] Simpleifed workflow syntax --- workflows/artica-web-proxy-workflow.yaml | 22 +++---- workflows/basic-auth-workflow.yaml | 21 +++--- workflows/bigip-pwner-workflow.yaml | 21 +++--- workflows/cisco-asa-workflow.yaml | 25 ++++--- workflows/grafana-workflow.yaml | 19 +++--- workflows/jira-exploitation-workflow.yaml | 62 +++++++---------- workflows/liferay-rce-workflow.yaml | 20 +++--- workflows/lotus-domino-workflow.yaml | 24 +++---- workflows/magmi-workflow.yaml | 26 ++++---- workflows/mida-eframework-workflow.yaml | 21 +++--- .../netsweeper-preauth-rce-workflow.yaml | 21 +++--- workflows/rabbitmq-workflow.yaml | 19 +++--- workflows/sap-netweaver-workflow.yaml | 18 ++--- workflows/springboot-pwner-workflow.yaml | 32 ++++----- workflows/vbulletin-workflow.yaml | 30 ++++----- workflows/wordpress-workflow.yaml | 66 ++++++++----------- 16 files changed, 207 insertions(+), 240 deletions(-) diff --git a/workflows/artica-web-proxy-workflow.yaml b/workflows/artica-web-proxy-workflow.yaml index c44c564003..0cb7149e17 100644 --- a/workflows/artica-web-proxy-workflow.yaml +++ b/workflows/artica-web-proxy-workflow.yaml @@ -1,18 +1,16 @@ id: artica-web-proxy-workflow info: - name: Artica Web Proxy Workflows + name: Artica Web Proxy Security Checks author: dwisiswant0 & pdteam + description: A simple workflow that runs all Artica Web Proxy related nuclei templates on a given target. -variables: - artica_tech: technologies/artica-web-proxy-detect.yaml - artica_auth_bypass: cves/CVE-2020-17506.yaml - artica_os_command_inject: cves/CVE-2020-17505.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if artica_tech() { - if artica_auth_bypass() { - artica_os_command_inject() - } - } \ No newline at end of file +workflows: + + - template: technologies/artica-web-proxy-detect.yaml + + subtemplates: + - template: cves/CVE-2020-17505.yaml \ No newline at end of file diff --git a/workflows/basic-auth-workflow.yaml b/workflows/basic-auth-workflow.yaml index 95046a409e..3afd5b440b 100644 --- a/workflows/basic-auth-workflow.yaml +++ b/workflows/basic-auth-workflow.yaml @@ -1,15 +1,16 @@ id: basic-auth-workflow info: - name: Basic auth detection and bruteforce workflow - author: "@w4cky_" + name: Basic auth Security Checks + author: w4cky_ + description: A simple workflow that runs all Basic auth related nuclei templates on a given target. -variables: - basic_auth_detect: technologies/basic-auth-detection.yaml - basic_auth_bruteforce: fuzzing/basic-auth-bruteforce.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if basic_auth_detect() { - basic_auth_bruteforce() - } \ No newline at end of file +workflows: + + - template: technologies/basic-auth-detection.yaml + + subtemplates: + - template: fuzzing/basic-auth-bruteforce.yaml \ No newline at end of file diff --git a/workflows/bigip-pwner-workflow.yaml b/workflows/bigip-pwner-workflow.yaml index f11ffe5805..7fc4184e1b 100644 --- a/workflows/bigip-pwner-workflow.yaml +++ b/workflows/bigip-pwner-workflow.yaml @@ -1,15 +1,16 @@ -id: bigip-pwner-workflow +id: bigip-workflow info: - name: F5 BIG-IP RCE Workflow + name: F5 BIG-IP Security Checks author: dwisiswant0 + description: A simple workflow that runs all Bigip related nuclei templates on a given target. -variables: - bigip_config_utility: technologies/bigip-config-utility-detect.yaml - bigip_cve_2020_5902: cves/CVE-2020-5902.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if bigip_config_utility() { - bigip_cve_2020_5902() - } +workflows: + + - template: technologies/bigip-config-utility-detect.yaml + + subtemplates: + - template: cves/CVE-2020-5902.yaml \ No newline at end of file diff --git a/workflows/cisco-asa-workflow.yaml b/workflows/cisco-asa-workflow.yaml index 2ebad0bc4c..87caafc5da 100644 --- a/workflows/cisco-asa-workflow.yaml +++ b/workflows/cisco-asa-workflow.yaml @@ -1,19 +1,18 @@ id: cisco-asa-workflow info: - name: Cisco ASA Pwner + name: Cisco ASA Security Checks author: flag007 + description: A simple workflow that runs all Cisco related nuclei templates on a given target. -variables: - ciscoasa: panels/cisco-asa-panel.yaml - ciscoasa_cve_2020_3187: cves/CVE-2020-3187.yaml - ciscoasa_cve_2020_3452: cves/CVE-2020-3452.yaml - ciscoasa_cve_2018_0296: cves/CVE-2018-0296.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if ciscoasa() { - ciscoasa_cve_2020_3187() - ciscoasa_cve_2020_3452() - ciscoasa_cve_2018_0296() - } +workflows: + + - template: panels/cisco-asa-panel.yaml + + subtemplates: + - template: cves/CVE-2020-3187.yaml + - template: cves/CVE-2020-3452.yaml + - template: cves/CVE-2018-0296.yaml \ No newline at end of file diff --git a/workflows/grafana-workflow.yaml b/workflows/grafana-workflow.yaml index 2ec0cd5fed..cc1c9b28f2 100644 --- a/workflows/grafana-workflow.yaml +++ b/workflows/grafana-workflow.yaml @@ -1,15 +1,16 @@ id: grafana-workflow info: - name: Grafana Workflow + name: Grafana Security Checks author: pdteam + description: A simple workflow that runs all Grafana related nuclei templates on a given target. -variables: - grafana_login: panels/grafana-detect.yaml - grafana_cred_check: default-credentials/grafana-default-credential.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if grafana_login() { - grafana_cred_check() - } +workflows: + + - template: panels/grafana-detect.yaml + + subtemplates: + - template: default-credentials/grafana-default-credential.yaml \ No newline at end of file diff --git a/workflows/jira-exploitation-workflow.yaml b/workflows/jira-exploitation-workflow.yaml index 8b715f80cd..ed989cfa42 100644 --- a/workflows/jira-exploitation-workflow.yaml +++ b/workflows/jira-exploitation-workflow.yaml @@ -1,41 +1,29 @@ -id: jira-exploitation-workflow +id: jira-workflow info: - name: Jira Exploitation workflow - author: micha3lb3n + name: Jira Security Checks + author: micha3lb3n + description: A simple workflow that runs all Jira related nuclei templates on a given target. -variables: - jira_detect: technologies/jira-detect.yaml - jira_signup: security-misconfiguration/jira-service-desk-signup.yaml - jira_projects: security-misconfiguration/jira-unauthenticated-projects.yaml - jira_dashboard: security-misconfiguration/jira-unauthenticated-dashboards.yaml - jira_filters: security-misconfiguration/jira-unauthenticated-popular-filters.yaml - jira_user_picker: security-misconfiguration/jira-unauthenticated-user-picker.yaml - jira_cve_1: cves/CVE-2019-8449.yaml - jira_cve_2: cves/CVE-2019-8451.yaml - jira_cve_3: cves/CVE-2017-9506.yaml - jira_cve_4: cves/CVE-2018-20824.yaml - jira_cve_5: cves/CVE-2019-3396.yaml - jira_cve_6: cves/CVE-2020-14179.yaml - jira_cve_7: cves/CVE-2020-14181.yaml - jira_cve_8: cves/CVE-2019-8442.yaml - jira_cve_9: cves/CVE-2019-3402.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if jira_detect(){ - jira_signup() - jira_projects() - jira_dashboard() - jira_filters() - jira_user_picker() - jira_cve_1() - jira_cve_2() - jira_cve_3() - jira_cve_4() - jira_cve_5() - jira_cve_6() - jira_cve_7() - jira_cve_8() - jira_cve_9() - } +workflows: + + - template: technologies/jira-detect.yaml + + subtemplates: + - template: cves/CVE-2017-9506.yaml + - template: cves/CVE-2018-20824.yaml + - template: cves/CVE-2019-3396.yaml + - template: cves/CVE-2019-3402.yaml + - template: cves/CVE-2019-8442.yaml + - template: cves/CVE-2019-8449.yaml + - template: cves/CVE-2019-8451.yaml + - template: cves/CVE-2020-14179.yaml + - template: cves/CVE-2020-14181.yaml + - template: security-misconfiguration/jira-service-desk-signup.yaml + - template: security-misconfiguration/jira-unauthenticated-dashboards.yaml + - template: security-misconfiguration/jira-unauthenticated-popular-filters.yaml + - template: security-misconfiguration/jira-unauthenticated-projects.yaml + - template: security-misconfiguration/jira-unauthenticated-user-picker.yaml diff --git a/workflows/liferay-rce-workflow.yaml b/workflows/liferay-rce-workflow.yaml index b9bc1fe361..25b52ce9d4 100644 --- a/workflows/liferay-rce-workflow.yaml +++ b/workflows/liferay-rce-workflow.yaml @@ -1,15 +1,15 @@ -id: liferay-rce-workflow +id: liferay-workflow info: - name: Liferay RCE Workflow + name: Liferay Security Checks author: dwisiswant0 + description: A simple workflow that runs all liferay related nuclei templates on a given target. -variables: - liferay_portal: technologies/liferay-portal-detect.yaml - liferay_portal_cve: cves/CVE-2020-7961.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if liferay_portal() { - liferay_portal_cve() - } +workflows: + + - template: technologies/liferay-portal-detect.yaml + subtemplates: + - template: cves/CVE-2020-7961.yaml \ No newline at end of file diff --git a/workflows/lotus-domino-workflow.yaml b/workflows/lotus-domino-workflow.yaml index 9519113bf4..08ab63277a 100644 --- a/workflows/lotus-domino-workflow.yaml +++ b/workflows/lotus-domino-workflow.yaml @@ -1,19 +1,19 @@ id: lotus-domino-workflow info: - name: Lotus Domino workflow + name: Lotus Domino Security Checks author: CasperGN + description: A simple workflow that runs all Lotus Domino related nuclei templates on a given target. -variables: - domino: technologies/tech-detect.yaml - domino_version: technologies/lotus-domino-version.yaml - domino_cve_2005_2428: cves/CVE-2005-2428.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - domino() +workflows: - if domino["lotus-domino"] { - domino_version() - domino_cve_2005_2428() - } \ No newline at end of file + - template: technologies/tech-detect.yaml + matchers: + - name: lotus-domino + subtemplates: + - template: technologies/lotus-domino-version.yaml + subtemplates: + - template: cves/CVE-2005-2428.yaml \ No newline at end of file diff --git a/workflows/magmi-workflow.yaml b/workflows/magmi-workflow.yaml index 67cad7df7c..c1bfa23c23 100644 --- a/workflows/magmi-workflow.yaml +++ b/workflows/magmi-workflow.yaml @@ -1,18 +1,18 @@ id: magmi-workflow info: - name: "MAGMI Workflow" - author: "dwisiswant0" + name: MAGMI Security Checks + author: dwisiswant0 + description: A simple workflow that runs all MAGMI related nuclei templates on a given target. -variables: - magmi_tech: technologies/magmi-detect.yaml - magmi_cve1: cves/CVE-2017-7391.yaml - magmi_cve2: cves/CVE-2020-5776.yaml - magmi_cve3: cves/CVE-2020-5777.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: | - if magmi_tech() { - magmi_cve1() - magmi_cve2() - magmi_cve3() - } +workflows: + + - template: technologies/magmi-detect.yaml + + subtemplates: + - template: cves/CVE-2017-7391.yaml + - template: cves/CVE-2020-5776.yaml + - template: cves/CVE-2020-5777.yaml \ No newline at end of file diff --git a/workflows/mida-eframework-workflow.yaml b/workflows/mida-eframework-workflow.yaml index f0b52f5fd1..3202ca6986 100644 --- a/workflows/mida-eframework-workflow.yaml +++ b/workflows/mida-eframework-workflow.yaml @@ -1,18 +1,17 @@ id: mida-eframework-workflow info: - name: Mida eFramework workflow + name: Mida eFramework Security Checks author: CasperGN + description: A simple workflow that runs all Mida eFramework related nuclei templates on a given target. -variables: - mida: technologies/tech-detect.yaml - cve_2020_15920: cves/CVE-2020-15920.yaml - mida_xss: vulnerabilities/mida-eframework-xss.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: | - mida() +workflows: - if mida["mida-eframework"] { - cve_2020_15920() - mida_xss() - } + - template: technologies/tech-detect.yaml + matchers: + - name: mida-eframework + subtemplates: + - template: vulnerabilities/mida-eframework-xss.yaml diff --git a/workflows/netsweeper-preauth-rce-workflow.yaml b/workflows/netsweeper-preauth-rce-workflow.yaml index 2f32d81f6a..7f4129a153 100644 --- a/workflows/netsweeper-preauth-rce-workflow.yaml +++ b/workflows/netsweeper-preauth-rce-workflow.yaml @@ -1,15 +1,16 @@ -id: netsweeper-preauth-rce-workflow +id: netsweeper-workflow info: - name: Netsweeper PreAuth RCE Workflow + name: Netsweeper Security Checks author: dwisiswant0 + description: A simple workflow that runs all netsweeper related nuclei templates on a given target. -variables: - netsweeper_webadmin: technologies/netsweeper-webadmin-detect.yaml - netsweeper_webadmin_cve_1: cves/CVE-2020-13167.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if netsweeper_webadmin() { - netsweeper_webadmin_cve_1() - } +workflows: + + - template: technologies/netsweeper-webadmin-detect.yaml + + subtemplates: + - template: cves/CVE-2020-13167.yaml \ No newline at end of file diff --git a/workflows/rabbitmq-workflow.yaml b/workflows/rabbitmq-workflow.yaml index 32fdb0d702..0a35bee6ab 100644 --- a/workflows/rabbitmq-workflow.yaml +++ b/workflows/rabbitmq-workflow.yaml @@ -1,15 +1,16 @@ id: rabbitmq-workflow info: - name: RabbitMQ Workflow + name: RabbitMQ Security Checks author: fyoorer + description: A simple workflow that runs all rabbitmq related nuclei templates on a given target. -variables: - rabbitmq_dashboard: panels/rabbitmq-dashboard.yaml - rabbitmq_default_admin: default-credentials/rabbitmq-default-admin.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if rabbitmq_dashboard() { - rabbitmq_default_admin() - } +workflows: + + - template: panels/rabbitmq-dashboard.yaml + + subtemplates: + - template: default-credentials/rabbitmq-default-admin.yaml \ No newline at end of file diff --git a/workflows/sap-netweaver-workflow.yaml b/workflows/sap-netweaver-workflow.yaml index 28292cf981..7437dca300 100644 --- a/workflows/sap-netweaver-workflow.yaml +++ b/workflows/sap-netweaver-workflow.yaml @@ -1,15 +1,15 @@ id: sap-netweaver-workflow info: - name: SAP NetWaver Workflow + name: SAP NetWaver Security Checks author: dwisiswant0 + description: A simple workflow that runs all SAP NetWaver related nuclei templates on a given target. -variables: - sap_netweaver_as_java: technologies/sap-netweaver-as-java-detect.yaml - sap_netweaver_as_java_cve_1: cves/CVE-2020-6287.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if sap_netweaver_as_java() { - sap_netweaver_as_java_cve_1() - } +workflows: + + - template: technologies/sap-netweaver-as-java-detect.yaml + subtemplates: + - template: cves/CVE-2020-6287.yaml diff --git a/workflows/springboot-pwner-workflow.yaml b/workflows/springboot-pwner-workflow.yaml index b28320f1ab..c8518d9690 100644 --- a/workflows/springboot-pwner-workflow.yaml +++ b/workflows/springboot-pwner-workflow.yaml @@ -1,23 +1,19 @@ -id: springboot-pwner-workflow +id: springboot-workflow info: - name: Spring Boot Pwner + name: Springboot Security Checks author: dwisiswant0 + description: A simple workflow that runs all springboot related nuclei templates on a given target. -variables: - springboot: security-misconfiguration/springboot-detect.yaml - springboot_cve_2018_1271: cves/CVE-2018-1271.yaml - springboot_cve_2019_3799: cves/CVE-2019-3799.yaml - springboot_cve_2020_5410: cves/CVE-2020-5410.yaml - springboot_xxe: vulnerabilities/springboot-actuators-jolokia-xxe.yaml - springboot_rce: vulnerabilities/springboot-h2-db-rce.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: - | - if springboot() { - springboot_cve_2018_1271() - springboot_cve_2019_3799() - springboot_cve_2020_5410() - springboot_xxe() - springboot_rce() - } +workflows: + + - template: security-misconfiguration/springboot-detect.yaml + subtemplates: + - template: cves/CVE-2018-1271.yaml + - template: cves/CVE-2018-1271.yaml + - template: cves/CVE-2020-5410.yaml + - template: vulnerabilities/springboot-actuators-jolokia-xxe.yaml + - template: vulnerabilities/springboot-h2-db-rce.yaml diff --git a/workflows/vbulletin-workflow.yaml b/workflows/vbulletin-workflow.yaml index 73ce9a7156..1dd498d731 100644 --- a/workflows/vbulletin-workflow.yaml +++ b/workflows/vbulletin-workflow.yaml @@ -1,25 +1,21 @@ id: vbulletin-workflow info: - name: vBulletin workflow + name: vBulletin Security Checks author: pdteam + description: A simple workflow that runs all vBulletin related nuclei templates on a given target. -variables: + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. - vbulletin_tech: technologies/tech-detect.yaml - vbulletin_cve_1: cves/CVE-2019-16759.yaml - vbulletin_cve_2: cves/CVE-2019-16759-1.yaml - vbulletin_cve_3: cves/CVE-2020-12720.yaml +workflows: - # This will run all 3 CVEs if vbulletin tech is found. + - template: technologies/tech-detect.yaml -logic: - | - vbulletin_tech() - - if vbulletin_tech["vbulletin"] { - - vbulletin_cve_1() - vbulletin_cve_2() - vbulletin_cve_3() - } \ No newline at end of file + matchers: + - name: vbulletin + subtemplates: + - template: cves/CVE-2019-16759.yaml + - template: cves/CVE-2019-16759-1.yaml + - template: cves/CVE-2019-6340.yaml + - template: cves/CVE-2020-12720.yaml \ No newline at end of file diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml index ee4c9bc501..910543eb5e 100644 --- a/workflows/wordpress-workflow.yaml +++ b/workflows/wordpress-workflow.yaml @@ -1,45 +1,31 @@ id: wordpress-workflow info: - name: Wordpress workflow - author: Kiblyn11 & zomsop82 -variables: + name: Wordpress Security Checks + author: kiblyn11 & zomsop82 + description: A simple workflow that runs all wordpress related nuclei templates on a given target. - wordpress_tech: technologies/tech-detect.yaml - wordpress_dir_listing: files/wordpress-directory-listing.yaml - wordpress_user_enum: files/wordpress-user-enumeration.yaml - wordpress_wpconfig: security-misconfiguration/wordpress-accessible-wpconfig.yaml - wordpress_duplicator_path_traversal: vulnerabilities/wordpress-duplicator-path-traversal.yaml - wordpress_wordfence_xss: vulnerabilities/wordpress-wordfence-xss.yaml - wordpress_debug_log: files/wordpress-debug-log.yaml - wordpress_db_backup: files/wordpress-db-backup.yaml - wordpress_emergency_script: files/wordpress-emergency-script.yaml - wordpress_installer_log: files/wordpress-installer-log.yaml - wordpress_tmm_db_migrate: files/wordpress-tmm-db-migrate.yaml - wordpress_social_metrics_tracker: vulnerabilities/wordpress-social-metrics-tracker.yaml - w3c_total_cache_ssrf: vulnerabilities/w3c-total-cache-ssrf.yaml - wordpress_wpcourses_info_disclosure: vulnerabilities/wordpress-wpcourses-info-disclosure.yaml - sassy_social_share: vulnerabilities/sassy-social-share.yaml - wordpress_cve: cves/CVE-2019-9978.yaml - wordpress_cve_2: cves/CVE-2019-6715.yaml + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. -logic: | - wordpress_tech() +workflows: - if wordpress_tech["wordpress"] { - - wordpress_dir_listing() - wordpress_user_enum() - wordpress_wpconfig() - wordpress_duplicator_path_traversal() - wordpress_wordfence_xss() - wordpress_debug_log() - wordpress_db_backup() - wordpress_emergency_script() - wordpress_installer_log() - wordpress_tmm_db_migrate() - wordpress_social_metrics_tracker() - w3c_total_cache_ssrf() - wordpress_cve() - wordpress_cve_2() - - } + - template: technologies/tech-detect.yaml + matchers: + - name: wordpress + subtemplates: + - template: cves/CVE-2019-6715.yaml + - template: cves/CVE-2019-9978.yaml + - template: files/wordpress-db-backup.yaml + - template: files/wordpress-debug-log.yaml + - template: files/wordpress-directory-listing.yaml + - template: files/wordpress-emergency-script.yaml + - template: files/wordpress-installer-log.yaml + - template: files/wordpress-tmm-db-migrate.yaml + - template: files/wordpress-user-enumeration.yaml + - template: security-misconfiguration/wordpress-accessible-wpconfig.yaml + - template: vulnerabilities/sassy-social-share.yaml + - template: vulnerabilities/w3c-total-cache-ssrf.yaml + - template: vulnerabilities/wordpress-duplicator-path-traversal.yaml + - template: vulnerabilities/wordpress-social-metrics-tracker.yaml + - template: vulnerabilities/wordpress-wordfence-xss.yaml + - template: vulnerabilities/wordpress-wpcourses-info-disclosure.yaml \ No newline at end of file