From c1a7f2398cdce60aa84092dd404a3c3ec4d5e3c5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sat, 2 Apr 2022 16:15:26 +0530 Subject: [PATCH] Create CVE-2021-24746.yaml --- cves/2021/CVE-2021-24746.yaml | 46 +++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 cves/2021/CVE-2021-24746.yaml diff --git a/cves/2021/CVE-2021-24746.yaml b/cves/2021/CVE-2021-24746.yaml new file mode 100644 index 0000000000..122f078b93 --- /dev/null +++ b/cves/2021/CVE-2021-24746.yaml @@ -0,0 +1,46 @@ +id: CVE-2021-24746 + +info: + name: WordPress Sassy Social Share Plugin - Reflected XSS + author: Supras + severity: medium + description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting + reference: https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa + tags: cve,cve2021,wordpress,wp-plugin,xss + metadata: + google-query: 'inurl:"/wp-content/plugins/sassy-social-share"' + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + internal: true + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" + + - type: regex + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "Sassy Social Share" + - '== Changelog ==' + condition: and + + - type: dsl + dsl: + - to_string(version) < "3.3.40"