Update Wordpress templates: typo, cve-id, ref & remove dupe

cves/2008/CVE-2008-1060.yaml

@@ -1,4 +1,4 @@
-id: sniplets-xss
+id: CVE-2008-1060
 
 info:
   name: Wordpress Plugin Sniplets - Cross-Site Scripting
@@ -7,6 +7,7 @@ info:
   description: Cross-site scripting (XSS) on Wordpress Plugin Sniplets
   reference:
     - https://www.exploit-db.com/exploits/5194
+    - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
   tags: xss,wordpress,wp-plugin,wp
 
 requests:

cves/2008/CVE-2008-1061.yaml

@@ -1,4 +1,4 @@
-id: sniplets-lfi
+id: CVE-2008-1061
 
 info:
   name: WordPress Sniplets 1.1.2 - Local File Inclusion
@@ -7,10 +7,12 @@ info:
   description: WordPress Sniplets 1.1.2 is vulnerable to local file inclusion.
   reference:
     - https://www.exploit-db.com/exploits/5194
+    - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2008-1061
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

cves/2015/CVE-2014-9119.yaml

@@ -1,4 +1,4 @@
-id: db-backup-lfi
+id: CVE-2014-9119
 
 info:
   name: WordPress DB Backup <=4.5 - Local File Inclusion
@@ -12,6 +12,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2014-9119
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

cves/2015/CVE-2015-1000005.yaml

@@ -1,4 +1,4 @@
-id: candidate-application-lfi
+id: CVE-2015-1000005
 
 info:
   name: WordPress Candidate Application Form <= 1.3 - Local File Inclusion
@@ -11,6 +11,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 8.6
     cwe-id: CWE-22
+    cve-id: CVE-2015-1000005
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

cves/2015/CVE-2015-1000010.yaml

@@ -1,16 +1,18 @@
-id: simple-image-manipulator-lfi
+id: CVE-2015-1000010
 
 info:
-  name: WordPress Simple Image Manipulator 1.0 - Local File Inclusion
+  name: WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
   author: dhiyaneshDK
   severity: high
   description: WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php  because no checks are made to authenticate users or sanitize input when determining file location.
   reference:
     - https://packetstormsecurity.com/files/132962/WordPress-Simple-Image-Manipulator-1.0-File-Download.html
+    - https://wpscan.com/vulnerability/40e84e85-7176-4552-b021-6963d0396543
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2015-1000010
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

cves/2015/CVE-2015-1579.yaml

@@ -1,17 +1,19 @@
-id: wp-revslider-file-download
+id: CVE-2015-1579
 
 info:
-  name: Wordpress Revslider - Local File Inclusion
+  name: WordPress Slider Revolution - Local File Disclosure
   author: pussycat0x
   severity: high
   description: WordPress Revslider  is affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file.
   reference:
     - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
     - https://cxsecurity.com/issue/WLB-2021090129
+    - https://wpscan.com/vulnerability/4b077805-5dc0-4172-970e-cc3d67964f80
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2015-1579
   metadata:
     google-dork: inurl:/wp-content/plugins/revslider
   tags: wordpress,wp-plugin,lfi,revslider

cves/2020/CVE-2020-8772.yaml

@@ -1,7 +1,7 @@
-id: wordpress-infinitewp-auth-bypass
+id: CVE-2020-8772
 
 info:
-  name: WordPress InfiniteWP Client Authentication Bypass
+  name: InfiniteWP Client < 1.9.4.5 - Authentication Bypass
   author: princechaddha
   severity: critical
   description: InfiniteWP Client plugin versions 1.9.4.4 or earlier contain a critical authentication bypass vulnerability. InfiniteWP Client is a plugin that, when installed on a WordPress site, allows a site owner
@@ -9,9 +9,11 @@ info:
   reference:
     - https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
     - https://wordpress.org/plugins/iwp-client/#developers
+    - https://wpscan.com/vulnerability/fac62d36-0fa1-4b43-8f5c-bddbd0cff140
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
+    cve-id: CVE-2020-8772
   remediation: Upgrade to InfiniteWP Client 1.9.4.5 or higher.
   tags: wordpress,auth-bypass,wp-plugin
 

cves/2021/CVE-2021-24165.yaml

@@ -1,4 +1,4 @@
-id: ninjaform-open-redirect
+id: CVE-2021-24165
 
 info:
   name: Ninja Forms < 3.4.34 - Administrator Open Redirect

cves/2021/CVE-2021-25112.yaml

@@ -1,20 +1,13 @@
 id: CVE-2021-25112
 
 info:
-  name: WordPress WHMCS Bridge < 6.4b -  Cross-Site Scripting
-  author: DhiyaneshDK
+  name: WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
+  author: dhiyaneshDk
   severity: medium
-  description: WordPress WHMCS Bridge < 6.4b is susceptible to authenticated reflected cross-site scripting because the plugin does not sanitize and escape the error parameter before outputting it back in admin dashboard.
+  description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
   reference:
     - https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25112
-    - https://plugins.trac.wordpress.org/changeset/2659751
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
-    cve-id: CVE-2021-25112
-    cwe-id: CWE-79
-  tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated
+  tags: wordpress,wp-plugin,authenticated,whmcs,xss
 
 requests:
   - raw:
@@ -26,7 +19,6 @@ requests:
         Cookie: wordpress_test_cookie=WP%20Cookie%20check
 
         log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
-
       - |
         GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1
         Host: {{Hostname}}
@@ -37,7 +29,8 @@ requests:
       - type: word
         part: body
         words:
-          - "<img src onerror=alert(document.domain)>"
+          - "<strong><img src onerror=alert(document.domain)></strong>"
+        condition: and
 
       - type: word
         part: header
@@ -47,5 +40,3 @@ requests:
       - type: status
         status:
           - 200
-
-# Enhanced by mp on 2022/04/21

cves/2021/CVE-2021-32789.yaml

@@ -1,26 +1,30 @@
-id: wordpress-woocommerce-sqli
+id: CVE-2021-32789
 
 info:
-  name: Woocommerce Unauthenticated SQL Injection
-  author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan,madrobot
+  name: WooCommerce Blocks 2.5 to 5.5 & Woocommerce 3.3 to 5.5 - Authenticated ? & Unauthenticated SQL Injection
+  author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan,madrobot,akincibor
   severity: critical
   description: The Woocommerce plugin for Wordpress contains an unauthenticated SQL injection vulnerability.
   reference:
     - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
     - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
     - https://securitynews.sonicwall.com/xmlpost/wordpress-woocommerce-plugin-sql-injection/
+    - https://wpscan.com/vulnerability/1212fec8-1fde-41e5-af70-abdd7ffe5379 #CVE-2021-32790 (Authenticated ?)
+    - https://wpscan.com/vulnerability/0f2089dc-9376-4d7d-95a2-25c99526804a #CVE-2021-32789
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0
     cwe-id: CWE-89
-  tags: wordpress,woocommerce,sqli,wp-plugin,injection
+    cve-id: CVE-2021-32789
+  tags: wordpress,woocommerce,sqli,wp-plugin,injection,wp
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
       - '{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
+      - '{{BaseURL}}/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500'
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word

cves/2022/CVE-2022-0150.yaml

@@ -1,4 +1,4 @@
-id: accessibility-helper-xss
+id: CVE-2022-0150
 
 info:
   name: WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)

cves/2022/CVE-2022-1390.yaml

@@ -1,18 +1,20 @@
-id: admin-word-count-column-lfi
+id: CVE-2022-1390
 
 info:
   name: WordPress Admin Word Count Column 2.2 - Local File Inclusion
   author: daffainfo,Splint3r7
   severity: high
-  description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion.
+  description: The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.
   reference:
     - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
     - https://wordpress.org/plugins/admin-word-count-column/
+    - https://wpscan.com/vulnerability/6293b319-dc4f-4412-9d56-55744246c990
   remediation: This plugin has been closed as of March 29, 2022 and is not available for download.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2022-1390
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

cves/2022/CVE-2022-1391.yaml

@@ -1,17 +1,19 @@
-id: cab-fare-calculator-lfi
+id: CVE-2022-1391
 
 info:
-  name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion
+  name: WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
   author: Hassan Khan Yusufzai - Splint3r7
   severity: high
   description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion.
   reference:
     - https://www.exploit-db.com/exploits/50843
     - https://wordpress.org/plugins/cab-fare-calculator
+    - https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2022-1391
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

vulnerabilities/wordpress/ad-widget-lfi.yaml

@@ -8,6 +8,7 @@ info:
   reference:
     - https://cxsecurity.com/issue/WLB-2017100084
     - https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
+    - https://wpscan.com/vulnerability/caca21fe-56bf-4d4c-afc8-4a218e52f0a2
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

vulnerabilities/wordpress/advanced-access-manager-lfi.yaml

@@ -8,6 +8,7 @@ info:
   reference:
     - https://wpscan.com/vulnerability/9873
     - https://id.wordpress.org/plugins/advanced-access-manager/
+    - https://wpscan.com/vulnerability/dfe62ff5-956c-4403-b3fd-55677628036b
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

vulnerabilities/wordpress/brandfolder-open-redirect.yaml

@@ -1,7 +1,7 @@
 id: brandfolder-open-redirect
 
 info:
-  name: WordPress Brandfolder - Remote/Local File Inclusion
+  name: WordPress Brandfolder - Open Redirect
   author: 0x_Akoko
   severity: low
   description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.

vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml

@@ -1,10 +1,10 @@
 id: eatery-restaurant-open-redirect
 
 info:
-  name: WordPress Attitude Themes 1.1.1 Open Redirection
+  name: WordPress Eatery Restaurant Themes < 2.2 - Open Redirection
   author: 0x_Akoko
   severity: low
-  description: The WordPress Attitude Themes allows remote attackers to redirect users to an attacker controlled URL.
+  description: The WordPress Eatery Themes allows remote attackers to redirect users to an attacker controlled URL.
   reference:
     - https://cxsecurity.com/issue/WLB-2020030183
   tags: wordpress,wp-theme,redirect

vulnerabilities/wordpress/feedwordpress-xss.yaml

@@ -1,41 +0,0 @@
-id: feedwordpress-xss
-
-info:
-  name: FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
-  author: dhiyaneshDk
-  severity: medium
-  description: The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.
-  reference:
-    - https://wpscan.com/vulnerability/7ed050a4-27eb-4ecb-9182-1d8fa1e71571
-  tags: wordpress,wp-plugin,xss,feedwordpress,authenticated
-
-requests:
-  - raw:
-      - |
-        POST /wp-login.php HTTP/1.1
-        Host: {{Hostname}}
-        Origin: {{RootURL}}
-        Content-Type: application/x-www-form-urlencoded
-        Cookie: wordpress_test_cookie=WP%20Cookie%20check
-
-        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
-      - |
-        GET /wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28document.domain%29%3E HTTP/1.1
-        Host: {{Hostname}}
-
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"><img src=2 onerror=alert(document.domain)>" method="post">'
-
-      - type: word
-        part: header
-        words:
-          - text/html
-
-      - type: status
-        status:
-          - 200

vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml

@@ -7,6 +7,7 @@ info:
   description: WordPress NativeChurch Theme is vulnerable to local file inclusion in the download.php file.
   reference:
     - https://packetstormsecurity.com/files/132297/WordPress-NativeChurch-Theme-1.0-1.5-Arbitrary-File-Download.html
+    - https://wpscan.com/vulnerability/2e1062ed-0c48-473f-aab2-20ac9d4c72b1
   tags: wordpress,wp-theme,lfi
 
 requests:

vulnerabilities/wordpress/newsletter-manager-open-redirect.yaml

@@ -1,24 +0,0 @@
-id: newsletter-manager-open-redirect
-
-info:
-  name: Newsletter Manager < 1.5 - Unauthenticated Open Redirect
-  author: akincibor
-  severity: low
-  description: |
-    The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header() PHP function, leading to an open redirect issue.
-  reference:
-    - https://wpscan.com/vulnerability/847b3878-da9e-47d6-bc65-3cfd2b3dc1c1
-  metadata:
-    verified: true
-  tags: wp-plugin,redirect,wordpress,wp,unauth
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/?wp_nlm=confirmation&appurl=aHR0cDovL2ludGVyYWN0LnNo"
-
-    matchers:
-      - type: regex
-        part: header
-        regex:
-          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

vulnerabilities/wordpress/sassy-social-share.yaml

@@ -4,6 +4,9 @@ info:
   name: Sassy Social Share <= 3.3.3 - Cross-Site Scripting
   author: Random_Robbie
   severity: medium
+  description: AJAX endpoints which returns JSON data has no Content-Type header set, and uses default text/html. Any JSON that has HTML will be rendered as such.
+  reference:
+    - https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
   tags: wordpress,wp-plugin,sassy,xss
 
 requests:

vulnerabilities/wordpress/video-synchro-pdf-lfi.yaml

@@ -1,17 +1,19 @@
-id: video-synchro-pdf-lfi
+id: CVE-2022-1392
 
 info:
   name: WordPress Videos sync PDF 1.7.4 - Local File Inclusion
-  author: Hassan Khan Yusufzai - Splint3r7
+  author: Splint3r7
   severity: high
   description: WordPress Videos sync PDF 1.7.4 is vulnerable to local file inclusion.
   reference:
     - https://www.exploit-db.com/exploits/50844
     - https://wordpress.org/plugins/video-synchro-pdf/
+    - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
+    cve-id: CVE-2022-1392
   tags: wordpress,wp-plugin,lfi,wp
 
 requests:

vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml

@@ -1,7 +1,7 @@
 id: w3c-total-cache-ssrf
 
 info:
-  name: Wordpress W3C Total Cache SSRF <= 0.9.4
+  name: Wordpress W3C Total Cache <= 0.9.4 - Unauthenticated Server Side Request Forgery (SSRF)
   author: random_robbie
   severity: medium
   description: The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.

vulnerabilities/wordpress/wordpress-social-metrics-tracker.yaml

@@ -4,7 +4,10 @@ info:
   name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
   author: randomrobbie
   severity: medium
-  tags: wordpress,wp-plugin
+  description: The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
+  reference:
+    - https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
+  tags: wordpress,wp-plugin,wp
 
 requests:
   - method: GET

vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml

@@ -1,12 +1,13 @@
 id: wordpress-zebra-form-xss
 
 info:
-  name: Wordpress Zebra Form - Cross-Site Scripting
+  name: Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)
   author: madrobot
   severity: medium
   reference:
     - https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
-  tags: wordpress,xss
+    - https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
+  tags: wordpress,xss,wp
 
 requests:
   - raw:

vulnerabilities/wordpress/wp-ambience-xss.yaml

@@ -1,11 +1,12 @@
 id: wp-ambience-xss
 
 info:
-  name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS)
+  name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
   reference:
     - https://www.exploit-db.com/exploits/38568
+    - https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
   tags: wordpress,xss,wp-plugin
 
 requests:

vulnerabilities/wordpress/wp-church-admin-xss.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: medium
   reference:
-    - https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html
+    - https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html # Is this stored ?
   tags: wordpress,xss,wp-plugin
 
 requests:

vulnerabilities/wordpress/wp-whmcs-xss.yaml

@@ -1,42 +0,0 @@
-id: wp-whmcs-xss
-
-info:
-  name: WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS)
-  author: dhiyaneshDk
-  severity: medium
-  description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
-  reference:
-    - https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c
-  tags: wordpress,wp-plugin,authenticated,whmcs,xss
-
-requests:
-  - raw:
-      - |
-        POST /wp-login.php HTTP/1.1
-        Host: {{Hostname}}
-        Origin: {{RootURL}}
-        Content-Type: application/x-www-form-urlencoded
-        Cookie: wordpress_test_cookie=WP%20Cookie%20check
-
-        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
-      - |
-        GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1
-        Host: {{Hostname}}
-
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<strong><img src onerror=alert(document.domain)></strong>"
-        condition: and
-
-      - type: word
-        part: header
-        words:
-          - text/html
-
-      - type: status
-        status:
-          - 200

vulnerabilities/wordpress/wp-woocommerce-email-verification.yaml

@@ -1,12 +1,13 @@
 id: wp-woocommerce-email-verification
 
 info:
-  name: WordPress WooCommerce <1.8.2 - Authentication Bypass
+  name: Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass
   author: random_robbie,daffianfo
   severity: critical
-  description: WordPress WooCommerce prior to version 1.8.2  contains a loose comparison issue which could allow any user to log in as administrator.
+  description: Email Verification for WooCommerce Wordpress plugin prior to version 1.8.2  contains a loose comparison issue which could allow any user to log in as administrator.
   reference:
     - https://wpvulndb.com/vulnerabilities/10318
+    - https://wpscan.com/vulnerability/0c93832c-83db-4053-8a11-70de966bb3a8
   classification:
     cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10.0

vulnerabilities/wordpress/wp-woocommerce-file-download.yaml

@@ -1,7 +1,7 @@
 id: wp-woocommerce-file-download
 
 info:
-  name: WordPress WooCommerce < 1.2.7 - Arbitrary File Retrieval
+  name: Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download
   author: 0x_Akoko
   severity: high
   description: WordPress WooCommerce < 1.2.7 is susceptible to file download vulnerabilities. The lack of authorization checks in the handle_downloads() function hooked to admin_init() could allow unauthenticated
@@ -13,7 +13,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 8.6
     cwe-id: CWE-22
-  tags: wordpress,woocommerce,lfi
+  tags: wordpress,woocommerce,lfi,wp
 
 requests:
   - method: GET